Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation

05/30/2019
by Shuai Wang, et al.

Cache-based side channels enable a dedicated attacker to reveal program secrets by measuring cache access patterns. Practical attacks have been shown against real-world implementations of crypto algorithms such as RSA, AES, and ElGamal. To date, identifying information leaks due to cache-based side channels, whether statically or dynamically, remains a challenge: existing approaches fail to offer high precision, full coverage, and good scalability simultaneously, which impedes their practical use in real-world scenarios. In this paper, we propose a novel static analysis method on binaries to detect cache-based side channels. We use abstract interpretation to reason about program states with respect to abstract values at each program point. To make such abstract interpretation scalable to real-world cryptosystems while offering high precision and full coverage, we propose a novel abstract domain called the Secret-Augmented Symbolic domain (SAS). SAS tracks program secrets and dependencies on them for precision, while it tracks only coarse-grained public information for scalability. We have implemented the proposed technique in a practical tool named CacheS and evaluated it on implementations of widely used cryptographic algorithms in real-world crypto libraries, including Libgcrypt, OpenSSL, and mbedTLS. CacheS successfully confirmed a total of 154 information leaks reported by previous research and 54 leaks that were previously unknown. We have reported our findings to the developers, and they confirmed that many of those unknown information leaks do lead to potential side channels.
