Incremental Adaptive Attack Synthesis
share
Information leakage is a significant problem in modern software systems. Information leaks due to side channels are especially hard to detect and analyze. In this paper, we present techniques for automated synthesis of adaptive side-channel attacks that recover secret values. Our attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the side-channel observations, reducing the remaining uncertainty about the secret in each attack step. Our approach is incremental, reusing results from prior iterations in each attack step to improve the efficiency of attack synthesis. We use symbolic execution to extract path constraints, automata-based model counting to estimate probabilities of execution paths, and meta-heuristics to maximize information gain based on entropy in order to minimize the number of synthesized attack steps.
READ FULL TEXT
