CaSym: Cache aware symbolic execution for side channel detection and mitigation

Robert Brotzman; Shen Liu; Danfeng Zhang; Gang Tan; Mahmut Kandemir

doi:10.1109/SP.2019.00022

CaSym: Cache aware symbolic execution for side channel detection and mitigation

Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.

Original language	English (US)
Title of host publication	Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	505-521
Number of pages	17
ISBN (Electronic)	9781538666609
DOIs	https://doi.org/10.1109/SP.2019.00022
State	Published - May 2019
Event	40th IEEE Symposium on Security and Privacy, SP 2019 - San Francisco, United States Duration: May 19 2019 → May 23 2019

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2019-May
ISSN (Print)	1081-6011

Conference

Conference	40th IEEE Symposium on Security and Privacy, SP 2019
Country	United States
City	San Francisco
Period	5/19/19 → 5/23/19

Fingerprint

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Cite this

Brotzman, R., Liu, S., Zhang, D., Tan, G., & Kandemir, M. (2019). CaSym: Cache aware symbolic execution for side channel detection and mitigation. In Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019 (pp. 505-521). [8835249] (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2019-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2019.00022

@inproceedings{fb4dd4a59fbd4db4a82a593324fd6ec2,

title = "CaSym: Cache aware symbolic execution for side channel detection and mitigation",

abstract = "Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.",

author = "Robert Brotzman and Shen Liu and Danfeng Zhang and Gang Tan and Mahmut Kandemir",

year = "2019",

month = may

doi = "10.1109/SP.2019.00022",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "505--521",

booktitle = "Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019",

address = "United States",

note = "40th IEEE Symposium on Security and Privacy, SP 2019 ; Conference date: 19-05-2019 Through 23-05-2019",

}

Brotzman, R, Liu, S, Zhang, D , Tan, G & Kandemir, M 2019, CaSym: Cache aware symbolic execution for side channel detection and mitigation. in Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019., 8835249, Proceedings - IEEE Symposium on Security and Privacy, vol. 2019-May, Institute of Electrical and Electronics Engineers Inc., pp. 505-521, 40th IEEE Symposium on Security and Privacy, SP 2019, San Francisco, United States, 5/19/19. https://doi.org/10.1109/SP.2019.00022

CaSym : Cache aware symbolic execution for side channel detection and mitigation. / Brotzman, Robert; Liu, Shen; Zhang, Danfeng ; Tan, Gang ; Kandemir, Mahmut.

Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 505-521 8835249 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2019-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - CaSym

T2 - 40th IEEE Symposium on Security and Privacy, SP 2019

AU - Brotzman, Robert

AU - Liu, Shen

AU - Zhang, Danfeng

AU - Tan, Gang

AU - Kandemir, Mahmut

PY - 2019/5

Y1 - 2019/5

N2 - Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.

AB - Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.

UR - http://www.scopus.com/inward/record.url?scp=85067823062&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85067823062&partnerID=8YFLogxK

U2 - 10.1109/SP.2019.00022

DO - 10.1109/SP.2019.00022

M3 - Conference contribution

AN - SCOPUS:85067823062

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 505

EP - 521

BT - Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 19 May 2019 through 23 May 2019

ER -

Brotzman R, Liu S, Zhang D , Tan G , Kandemir M. CaSym: Cache aware symbolic execution for side channel detection and mitigation. In Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 505-521. 8835249. (Proceedings - IEEE Symposium on Security and Privacy). https://doi.org/10.1109/SP.2019.00022

Access to Document

10.1109/SP.2019.00022