SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection

11/04/2019
by Shengjian Guo, et al.

CPU cache is a limited but crucial storage on modern processors, whereas the cache timing side channel can indirectly leak data through measurable timing variance. Speculative execution, a source of this variance and a vital optimization in modern CPUs, can cause severe harm under deliberate branch mispredictions. Though static analysis can qualitatively verify the timing-leakage-free property under speculative execution, it cannot produce evidence, including inputs and speculated flows, with which to diagnose leaks in depth. This work proposes a new approach, Speculative symbolic Execution, for precisely validating cache timing leaks introduced by speculative execution. Given a program with sensitive inputs (leakage-free in non-speculative execution), our method systematically explores the program state space. Meanwhile, it models speculative behavior at conditional branches and accumulates the cache side effects along the subsequent execution. Based on the dynamic exploration and a specified cache model, we construct leak conditions for memory accesses and conduct a constraint-solving based cache behavior analysis to generate leak witnesses. We have implemented our method in a tool named SpecuSym on KLEE, and evaluated it against 14 open-source benchmarks. Experiments show that SpecuSym successfully identified leaks in 6 programs on four different caches and eliminated false positives in 2 programs reported by recent work.
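A toy illustration of the idea in the abstract, added here and not taken from the paper or from SpecuSym: a constructed program whose secret-indexed lookup always hits in non-speculative execution, but whose hit/miss trace depends on the secret once a mispredicted branch leaves a cache fill behind. Brute-force enumeration over a small direct-mapped cache stands in for symbolic exploration and constraint solving; the addresses, the bound and all function names are assumptions.

```python
from itertools import combinations

SETS = 4           # direct-mapped cache: a line address maps to set addr % SETS
TABLE = [0, 1]     # constructed line addresses of a secret-indexed table
BUF = 4            # constructed line address of buf; shares set 0 with TABLE[0]
BOUND = 1          # the branch under test is `if (x < BOUND)`

def access(cache, line, trace=None):
    """Touch one line; append hit/miss to trace when the access is observed."""
    s = line % SETS
    if trace is not None:
        trace.append("hit" if cache.get(s) == line else "miss")
    cache[s] = line

def branch_body(cache, taken, secret, trace):
    if taken:
        access(cache, BUF)                    # then: public buffer access
    else:
        access(cache, TABLE[secret], trace)   # else: secret-indexed lookup

def run(x, secret, speculate):
    """Hit/miss trace of the architecturally executed secret-dependent accesses."""
    cache, trace = {}, []
    for line in TABLE:                        # table is preloaded, so lookups hit
        access(cache, line)
    taken = x < BOUND
    if speculate:
        # Mispredicted direction runs transiently: results are squashed,
        # but the cache fills it caused persist.
        branch_body(cache, not taken, secret, None)
    branch_body(cache, taken, secret, trace)
    return tuple(trace)

def find_leaks(speculate, public_inputs=range(3)):
    """Witnesses: same public input and flow, two secrets, different traces."""
    leaks = []
    for x in public_inputs:
        traces = {s: run(x, s, speculate) for s in range(len(TABLE))}
        for s1, s2 in combinations(traces, 2):
            if traces[s1] != traces[s2]:
                leaks.append({"x": x, "secrets": (s1, s2),
                              "traces": (traces[s1], traces[s2])})
    return leaks

if __name__ == "__main__":
    print("non-speculative:", find_leaks(False))
    print("speculative:    ", find_leaks(True))
```

Each returned entry plays the role of a leak witness: a public input, a speculated flow, and two secret values whose cache traces differ.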
