Abstract
Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 505-521 |
| Number of pages | 17 |
| ISBN (Electronic) | 9781538666609 |
| DOIs | |
| State | Published - May 2019 |
| Event | 40th IEEE Symposium on Security and Privacy, SP 2019 - San Francisco, United States Duration: May 19 2019 → May 23 2019 |
Publication series
| Name | Proceedings - IEEE Symposium on Security and Privacy |
|---|---|
| Volume | 2019-May |
| ISSN (Print) | 1081-6011 |
Conference
| Conference | 40th IEEE Symposium on Security and Privacy, SP 2019 |
|---|---|
| Country | United States |
| City | San Francisco |
| Period | 5/19/19 → 5/23/19 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Software
- Computer Networks and Communications
Cite this
}
CaSym : Cache aware symbolic execution for side channel detection and mitigation. / Brotzman, Robert; Liu, Shen; Zhang, Danfeng; Tan, Gang; Kandemir, Mahmut.
Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 505-521 8835249 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2019-May).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
TY - GEN
T1 - CaSym
T2 - Cache aware symbolic execution for side channel detection and mitigation
AU - Brotzman, Robert
AU - Liu, Shen
AU - Zhang, Danfeng
AU - Tan, Gang
AU - Kandemir, Mahmut
PY - 2019/5
Y1 - 2019/5
N2 - Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.
AB - Cache-based side channels are becoming an important attack vector through which secret information can be leaked to malicious parties. implementations and Previous work on cache-based side channel detection, however, suffers from the code coverage problem or does not provide diagnostic information that is crucial for applying mitigation techniques to vulnerable software. We propose CaSym, a cache-aware symbolic execution to identify and report precise information about where side channels occur in an input program. Compared with existing work, CaSym provides several unique features: (1) CaSym enables verification against various attack models and cache models, (2) unlike many symbolic-execution systems for bug finding, CaSym verifies all program execution paths in a sound way, (3) CaSym uses two novel abstract cache models that provide good balance between analysis scalability and precision, and (4) CaSym provides sufficient information on where and how to mitigate the identified side channels through techniques including preloading and pinning. Evaluation on a set of crypto and database benchmarks shows that CaSym is effective at identifying and mitigating side channels, with reasonable efficiency.
UR - http://www.scopus.com/inward/record.url?scp=85067823062&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85067823062&partnerID=8YFLogxK
U2 - 10.1109/SP.2019.00022
DO - 10.1109/SP.2019.00022
M3 - Conference contribution
AN - SCOPUS:85067823062
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 505
EP - 521
BT - Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019
PB - Institute of Electrical and Electronics Engineers Inc.
ER -