ESEC/FSE 2018

26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018), November 4–9, 2018, Lake Buena Vista, FL, USA

Desktop Layout

Symbolic Execution and Constraint Solving
Research Papers
Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks
Shengjian Guo, Meng Wu, and Chao Wang
(Virginia Tech, USA; University of Southern California, USA)
Artifacts Available Artifacts Reusable Artifacts Functional
Publisher's Version
Abstract: The timing characteristics of cache, a high-speed storage between the fast CPU and the slow memory, may reveal sensitive information of a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore cache all together or focus only on passive leaks generated by the program itself, without considering leaks that are made possible by concurrently running some other threads. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. Thus, we develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide if there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks.

Authors:


Time stamp: 2019-03-23T07:45:44+01:00