DifFuzz: Differential Fuzzing for Side-Channel Analysis

11/16/2018
by Shirin Nilizadeh, et al.

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult to reason about because they involve analyzing correlations between resource usage across multiple program paths rather than the behavior of a single path. We present DifFuzz, a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space. DifFuzz automatically detects these vulnerabilities by running two copies of the program on the same public input but different secret values, and using resource-guided heuristics to find inputs that maximize the difference in resource consumption between the secret-dependent paths; a large difference is a witness that the resource usage depends on the secret. The methodology of DifFuzz is general and can be applied to programs written in any language. For this paper, we present an implementation that targets analysis of Java programs, and uses and extends the Kelinci and AFL fuzzers. We evaluate DifFuzz on a large number of Java programs and demonstrate that it can reveal previously unknown side-channel vulnerabilities in popular applications. We also show that DifFuzz compares favorably against Blazer and Themis, two state-of-the-art analysis tools for finding side-channels in Java programs.
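The cost-difference search the abstract describes, as an added toy example. This is not DifFuzz's own Java/Kelinci implementation: it assumes a hypothetical target (an early-exit string comparison next to a constant-time one), measures "cost" as loop iterations instead of the instrumented bytecode counts DifFuzz uses, draws inputs from a small digit alphabet so the search converges quickly, and keeps only the single best input (a hill climb) rather than AFL's coverage-guided corpus. The point it shows is the fitness function: the same public input is run against two secrets, and the fuzzer climbs toward the pair of secrets whose cost difference is largest.

```python
import random

ALPHABET = "0123456789"  # small alphabet: the toy search converges in a few thousand steps
LENGTH = 6               # fixed input length (assumption: lengths are public)


def early_exit_compare(guess, secret):
    """Leaky comparison: stops at the first mismatching character.

    Returns (equal, cost). 'cost' counts loop iterations and stands in for the
    instruction/bytecode count a real tool like DifFuzz measures.
    """
    cost = 0
    if len(guess) != len(secret):
        return False, cost + 1
    for g, s in zip(guess, secret):
        cost += 1
        if g != s:
            return False, cost
    return True, cost


def constant_time_compare(guess, secret):
    """Hardened comparison: always walks the whole string, so cost is
    independent of where (or whether) the strings differ."""
    cost = 0
    if len(guess) != len(secret):
        return False, cost + 1  # length is treated as public here (assumption)
    diff = 0
    for g, s in zip(guess, secret):
        cost += 1
        diff |= ord(g) ^ ord(s)
    return diff == 0, cost


def cost_delta(program, public, secret_a, secret_b):
    """Differential run: same public input, two secrets; the side-channel
    signal is the absolute difference in resource consumption."""
    _, cost_a = program(public, secret_a)
    _, cost_b = program(public, secret_b)
    return abs(cost_a - cost_b)


def mutate(s, rng):
    """Single-character mutation, the simplest AFL-style havoc step."""
    i = rng.randrange(len(s))
    return s[:i] + rng.choice(ALPHABET) + s[i + 1:]


def differential_fuzz(program, iterations=30000, seed=1):
    """Hill-climb on cost_delta. Returns (best_delta, public, secret_a, secret_b).

    A returned delta of 0 after many iterations is evidence (not proof) that
    cost does not depend on the secret; a delta close to LENGTH means the
    program leaks the length of the matching prefix.
    """
    rng = random.Random(seed)

    def rand_str():
        return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))

    public, secret_a, secret_b = rand_str(), rand_str(), rand_str()
    best = (cost_delta(program, public, secret_a, secret_b), public, secret_a, secret_b)
    for _ in range(iterations):
        _, public, secret_a, secret_b = best
        cand = [public, secret_a, secret_b]
        cand[rng.randrange(3)] = mutate(cand[rng.randrange(3)], rng) if False else cand[rng.randrange(3)]
        k = rng.randrange(3)
        cand[k] = mutate(cand[k], rng)
        d = cost_delta(program, *cand)
        if d > best[0]:  # keep only inputs that widen the gap (resource-guided heuristic)
            best = (d, *cand)
    return best


if __name__ == "__main__":
    for name, prog in (("early_exit_compare", early_exit_compare),
                       ("constant_time_compare", constant_time_compare)):
        delta, pub, sa, sb = differential_fuzz(prog)
        print(f"{name}: max cost delta {delta}  public={pub} secret_a={sa} secret_b={sb}")
```

For the leaky comparison the search reaches a delta of LENGTH - 1 (one secret matches the public input through the last character, the other mismatches on the first), which is exactly the "matching prefix" timing channel; for the constant-time version the delta never leaves 0. Real tools replace the iteration counter with instrumented instruction counts or allocated bytes, and replace the hill climb with coverage-guided mutation, but the fitness signal is the same.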


02/09/2020

HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing

Contemporary fuzz testing techniques focus on identifying memory corrupt...

06/29/2020

SeMPE: Secure Multi Path Execution Architecture for Removing Conditional Branch Side Channels

One of the most prevalent source of side channel vulnerabilities is the ...

06/08/2018

Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Hybrid testing approaches that involve fuzz testing and symbolic executi...

04/02/2022

Differential Cost Analysis with Simultaneous Potentials and Anti-potentials

We present a novel approach to differential cost analysis that, given a ...

08/30/2018

Data-Driven Debugging for Functional Side Channels

Functional side channels arise when an attacker knows that the secret va...

01/28/2019

Quantitative Verification of Masked Arithmetic Programs against Side-Channel Attacks

Power side-channel attacks, which can deduce secret data via statistical...

04/21/2021

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

In the era of microarchitectural side channels, vendors scramble to depl...