Precise And Scalable Side Channel Analysis

Download or read book Precise and Scalable Side-Channel Analysis written by Qinkun Bao and published by . This book was released on 2021 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt: Side channels are ubiquitous in modern computer systems as sensitive information can leak through many mechanisms such as power consumption, execution time, and even electromagnetic radiation. Among them, address-based side-channel attacks, such as cache-based attacks, memory page attacks, and controlled-channel attacks, are especially problematic as they do not require physical proximity. Hardware countermeasures, which usually require changes to the complex underlying hardware, are hard to adopt in practice. On the contrary, software approaches are generally easy to implement. While some existing tools can detect side-channel leakages, many of these approaches are computationally expensive or imprecise. Besides, many such vulnerabilities leak a negligible amount of sensitive information, and thus developers are often reluctant to address them. Existing tools do not provide sufficient information, such as the amount of information leaked through side channels, to evaluate the severity of a vulnerability. In this dissertation, we present methods to detect and quantify address-based side-channel vulnerabilities in real-world applications. First, a new method to detect address-based side-channel vulnerabilities for the binary code is proposed. We examine the bottleneck in the symbolic approaches and improve the analysis precision and performance. Second, we propose a new program analysis method to precisely quantify the leaked information in a single-trace attack. We model an attacker's observation of each leakage site as a constraint and run Monte Carlo sampling to estimate the number of leaked bits for each leakage site. Finally, we extend our approach to quantify side-channel leakages from multiple trace attacks. We present a method to quantify the lower bound of side-channel leakages. Unlike the previous side-channel detection tools, our approach can identify severe side-channel leakages without false positives. We implement the approaches and apply them to popular cryptography libraries. The evaluation results confirm that our side-channel detection method is much faster than state-of-art tools while identifying all the known leakages reported by previous tools. The experiments also show that our side-channel analysis reports precise leakage information that can help developers better triage the reported vulnerabilities. This dissertation research develops fundamental and practical techniques for precise side-channel analysis in software systems. We have also released our research software prototypes. As a result, developers can use our tools to develop more secure systems and the academic and industry communities can further advance side-channel analysis on top of our research.