CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software

09/29/2022
by   Yuanyuan Yuan, et al.
0

Cache side-channel attacks extract secrets by examining how victim software accesses cache. To date, practical attacks on cryptosystems and media libraries are demonstrated under different scenarios, inferring secret keys and reconstructing private media data such as images. This work first presents eight criteria for designing a full-fledged detector for cache side-channel vulnerabilities. Then, we propose CacheQL, a novel detector that meets all of these criteria. CacheQL precisely quantifies information leaks of binary code, by characterizing the distinguishability of logged side channel traces. Moreover, CacheQL models leakage as a cooperative game, allowing information leakage to be precisely distributed to program points vulnerable to cache side channels. CacheQL is meticulously optimized to analyze whole side channel traces logged from production software (where each trace can have millions of records), and it alleviates randomness introduced by cryptographic blinding, ORAM, or real-world noises. Our evaluation quantifies side-channel leaks of production cryptographic and media software. We further localize vulnerabilities reported by previous detectors and also identify a few hundred new leakage sites in recent OpenSSL (ver. 3.0.0), MbedTLS (ver. 3.0.0), Libgcrypt (ver. 1.9.4). Many of our localized program points are within the pre-processing modules of cryptosystems, which are not analyzed by existing works due to scalability. We also localize vulnerabilities in Libjpeg (ver. 2.1.2) that leak privacy about input images.

READ FULL TEXT
research
09/10/2022

Cache Refinement Type for Side-Channel Detection of Cryptographic Software

Cache side-channel attacks exhibit severe threats to software security a...
research
12/09/2021

Automated Side Channel Analysis of Media Software with Manifold Learning

The prosperous development of cloud computing and machine learning as a ...
research
08/03/2022

Layered Binary Templating: Efficient Detection of Compiler- and Linker-introduced Leakage

Cache template attacks demonstrated automated leakage of user input in s...
research
09/04/2019

Certified Side Channels

We demonstrate that the format in which private keys are persisted impac...
research
04/30/2023

MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V

RISC-V is an emerging technology, with applications ranging from embedde...
research
05/30/2019

Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation

Cache-based side channels enable a dedicated attacker to reveal program ...
research
04/08/2022

Leverage the Average: Averaged Sampling in Pre-Silicon Side-Channel Leakage Assessment

Pre-silicon side-channel leakage assessment is a useful tool to identify...

Please sign up or login with your details

Forgot password? Click here to reset