Debreach: Mitigating Compression Side Channels via Static Analysis and Transformation

by Brandon Paulsen, et al.

Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks: they either degrade the compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, an approach to mitigating compression side channels based on static analysis and program transformation. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate the data before feeding it to the compressor. Second, it enhances the compressor to exploit the freedom, left open by standard compression protocols, to not compress, thus removing the dependency between sensitive data and the size of the compressor's output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.
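The size dependency described in the abstract, and one way to remove it with a stock DEFLATE library, shown as an added example that is not Debreach's code. It is coarser than the paper's approach: each annotated span is written as stored blocks and the dictionary is reset around it. The page layout, secrets and function names are constructed for illustration.

```python
import zlib

def naive_deflate(parts):
    """Baseline: one raw-DEFLATE stream over the whole body, secrets included."""
    body = b"".join(data for data, _sensitive in parts)
    co = zlib.compressobj(9, zlib.DEFLATED, -15)
    return co.compress(body) + co.flush()

def segmented_deflate(parts):
    """Compress public spans; emit sensitive spans as stored (level 0) blocks.

    Each span gets a fresh compressor, so no back-reference can point into a
    sensitive span. Z_FULL_FLUSH byte-aligns every non-final span, so the
    pieces concatenate into one valid DEFLATE stream for a standard inflater.
    """
    out = bytearray()
    for i, (data, sensitive) in enumerate(parts):
        level = zlib.Z_NO_COMPRESSION if sensitive else 9
        co = zlib.compressobj(level, zlib.DEFLATED, -15)
        last = i == len(parts) - 1
        out += co.compress(data)
        out += co.flush(zlib.Z_FINISH if last else zlib.Z_FULL_FLUSH)
    return bytes(out)

def page(secret, reflected):
    """Constructed response body: (bytes, is_sensitive) spans."""
    return [
        (b'<form><input name="csrf" value="', False),
        (secret, True),  # the annotation a taint analysis would supply
        (b'"></form><p>Results for: ' + reflected + b"</p>", False),
    ]

# Constructed sample secrets of equal length.
SECRET_A = b"7f3a9c1e5b2d4086a1c9e7f35b0d2a64"
SECRET_B = b"e4b81d06c7a2f95330d6b8e1a47c2f59"

def sizes(compress, reflected=SECRET_A):
    """Output length under two different secrets, same request-controlled input."""
    return tuple(len(compress(page(s, reflected))) for s in (SECRET_A, SECRET_B))

if __name__ == "__main__":
    print("naive    ", sizes(naive_deflate))      # lengths differ with the secret
    print("segmented", sizes(segmented_deflate))  # lengths are equal
```

The segmented output depends only on the public spans and the length of the secret, at the cost of losing matches across span boundaries.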


