DifFuzz: Differential Fuzzing for Side-Channel Analysis

by   Shirin Nilizadeh, et al.

Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult to reason about as they involve analyzing the correlations between resource usage over multiple program paths. We present DifFuzz, a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space. DifFuzz automatically detects these vulnerabilities by analyzing two versions of the program and using resource-guided heuristics to find inputs that maximize the difference in resource consumption between secret-dependent paths. The methodology of DifFuzz is general and can be applied to programs written in any language. For this paper, we present an implementation that targets analysis of Java programs, and uses and extends the Kelinci and AFL fuzzers. We evaluate DifFuzz on a large number of Java programs and demonstrate that it can reveal unknown side-channel vulnerabilities in popular applications. We also show that DifFuzz compares favorably against Blazer and Themis, two state-of-the-art analysis tools for finding side-channels in Java programs.


page 1

page 2

page 3

page 4


HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing

Contemporary fuzz testing techniques focus on identifying memory corrupt...

SeMPE: Secure Multi Path Execution Architecture for Removing Conditional Branch Side Channels

One of the most prevalent source of side channel vulnerabilities is the ...

Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Hybrid testing approaches that involve fuzz testing and symbolic executi...

Differential Cost Analysis with Simultaneous Potentials and Anti-potentials

We present a novel approach to differential cost analysis that, given a ...

Data-Driven Debugging for Functional Side Channels

Functional side channels arise when an attacker knows that the secret va...

Multi-graded Featherweight Java

Resource-aware type systems statically approximate not only the expected...

Quantitative Verification of Masked Arithmetic Programs against Side-Channel Attacks

Power side-channel attacks, which can deduce secret data via statistical...

Please sign up or login with your details

Forgot password? Click here to reset