| Title | Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Guo, Shengjian, Wu, Meng, Wang, Chao |
| Conference Name | Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5573-5 |
| Keywords | cache, composability, Concurrency, cyber-physical system, Cyber-physical systems, Metrics, Predictive Metrics, pubcrawl, resilience, Resiliency, Side-channel attack, symbolic execution, Timing |
| Abstract | The timing characteristics of cache, a high-speed storage between the fast CPU and the slow memory, may reveal sensitive information of a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore cache all together or focus only on passive leaks generated by the program itself, without considering leaks that are made possible by concurrently running some other threads. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. Thus, we develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide if there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks. |
| DOI | 10.1145/3236024.3236028 |
| Citation Key | guo_adversarial_2018 |
Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks