CacheAudit: A tool for the static analysis of cache side channels

Proceedings of the 22nd USENIX Security Symposium

Volumn , Issue , 2013, Pages 431-446

  Doychev, Goran ^a   Feld, Dominik ^b   Köpf, Boris ^a   Mauborgne, Laurent ^a   Reineke, Jan ^b  

^a IMDEA SOFTWARE INSTITUTE   (Spain)

^b SAARLAND UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY;

BINARY EXECUTABLES; CACHE CONFIGURATIONS; FORMAL PROOFS; MEMORY ACCESS PATTERNS; PROGRAM BINARY; SIDE-CHANNEL; SYMMETRIC ENCRYPTION; TECHNICAL CONTRIBUTION;

STATIC ANALYSIS;

EID: 85076296526     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (49)

1. AbsInt aiT Worst-Case Execution Time Analyzers. http://www.absint.com/a3/.
2. Intel Advanced Encryption Standard (AES) Instructions Set. http://software.intel.com/file/24917.
3. PolarSSL. http://polarssl.org/.
4. Sorting algorithms. http://www.codebeach.com/2008/09/sorting-algorithms-in-c.html.
5. O. Aciiçmez and Ç. K. Koç. Trace-driven cache attacks on AES. In ICICS, pages 112-121. Springer, 2006.
6. O. Aciiçmez, W. Schindler, and Ç. K. Koç. Cache based remote timing attack on the AES. In CT-RSA, pages 271-286. Springer, 2007.
7. J. Agat. Transforming out timing leaks. In POPL 2000, pages 40-53. ACM, 2000.
8. J. Agat and D. Sands. On confidentiality and algorithms. In SSP, pages 64-77. IEEE, 2001.
9. M. Backes, B. Köpf, and A. Rybalchenko. Automatic discovery and quantification of information leaks. In SSP, pages 141-153. IEEE, 2009.
10. D. Bernstein. Cache-timing attacks on AES. http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
11. D. Bernstein. Salsa20. http://cr.yp.to/snuffle.html.
12. F. Bourdoncle. Efficient chaotic iteration strategies with widenings. In FMPA, pages 128-141. Springer, 1993.
13. A. Chlipala. Modular development of certified program verifiers with a proof assistant. In ICFP, pages 160-171. ACM, 2006.
14. D. Clark, S. Hunt, and P. Malacaria. A static analysis for quantifying information flow in a simple imperative language. JCS, 15(3):321-371, 2007.
15. B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In SSP, pages 45-60. IEEE, 2009.
16. P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction of approximation of fixpoints. In POPL, pages 238-252, 1977.
17. P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In POPL, pages 269-282, 1979.
18. P. Cousot, R. Cousot, and L. Mauborgne. Theories, solvers and static analysis by abstract interpretation. Journal of the ACM, 59(6):31, 2012.
19. G. Doychev, D. Feld, B. Köpf, L. Mauborgne, and J. Reineke. CacheAudit: A tool for the static analysis of cache side channels. http://eprint.iacr.org/2013/253.
20. S. Dziembowski and K. Pietrzak. Leakage-resilient cryptography. In FOCS, pages 293-302. IEEE, 2008.
21. C. Ferdinand, F. Martin, R. Wilhelm, and M. Alt. Cache behavior prediction by abstract interpretation. Science of Computer Programming, 35(2):163-189, 1999.
22. D. Grund. Static Cache Analysis for Real-Time Systems - LRU, FIFO, PLRU. PhD thesis, Saarland University, 2012.
23. D. Gullasch, E. Bangerter, and S. Krenn. Cache games - bringing access-based cache attacks on AES to practice. In SSP, pages 490-505. IEEE, 2011.
24. R. Heckmann, M. Langenbach, S. Thesing, and R. Wilhelm. The influence of processor architecture on the design and the results of WCET tools. IEEE Proceedings on Real-Time Systems, 91(7):1038-1054, 2003.
25. D. Hedin and D. Sands. Timing aware information flow security for a JavaCard-like bytecode. ENTCS, 141(1):163-182, 2005.
26. J. Heusser and P. Malacaria. Quantifying information leaks in software. In ACSAC, pages 261-269. ACM, 2010.
27. S. Jana and V. Shmatikov. Memento: Learning secrets from process footprints. In SSP, pages 143-157. IEEE, 2012.
28. E. Käsper and P. Schwabe. Faster and timing-attack resistant AES-GCM. In CHES, pages 1-17, 2009.
29. T. Kim, M. Peinado, and G. Mainar-Ruiz. Stealth-Mem: System-level protection against cache-based side channel attacks in the cloud. In 19th USENIX Security Symposium. USENIX, 2012.
30. J. Kinder, F. Zuleger, and H. Veith. An abstract interpretation-based framework for control flow reconstruction from binaries. In VMCAI, pages 214-228. Springer, 2009.
31. P. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In CRYPTO, pages 104-113. Springer, 1996.
32. P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In CRYPTO, pages 388-397. Springer, 1999.
33. B. Köpf and D. Basin. An Information-Theoretic Model for Adaptive Side-Channel Attacks. In CCS, pages 286-296. ACM, 2007.
34. B. Köpf, L. Mauborgne, and M. Ochoa. Automatic quantification of cache side-channels. In CAV, pages 564-580. Springer, 2012.
35. B. Köpf and A. Rybalchenko. Approximation and randomization for quantitative information-flow analysis. In CSF, pages 3-14. IEEE, 2010.
36. L. Mauborgne and X. Rival. Trace partitioning in abstract interpretation based static analyzers. In ESOP, Volume 3444 of LNCS, pages 5-20. Springer, 2005.
37. Z. Meng and G. Smith. Calculating bounds on information leakage using two-bit patterns. In PLAS. ACM, 2011.
38. J. Newsome, S. McCamant, and D. Song. Measuring channel capacity to distinguish undue influence. In PLAS, pages 73-85. ACM, 2009.
39. D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of AES. In C T-RSA, Volume 3860 of LNCS, pages 1-20. Springer, 2006.
40. C. Percival. Cache missing for fun and profit. In BSDCan, 2005.
41. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In CCS, pages 199-212. ACM, 2009.
42. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, 2003.
43. G. Smith. On the foundations of quantitative information flow. In FoSSaCS, pages 288-302. Springer, 2009.
44. K. Tiri, O. Aciiçmez, M. Neve, and F. Andersen. An analytical model for time-driven cache attacks. In FSE, Volume 4593 of LNCS, pages 399-413. Springer, 2007.
45. M. Tiwari, J. Oberg, X. Li, J. Valamehr, T. E. Levin, B. Hardekopf, R. Kastner, F. T. Chong, and T. Sherwood. Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security. In ISCA, pages 189-200. ACM, 2011.
46. Z. Wang and R. B. Lee. New cache designs for thwarting software cache-based side channel attacks. In ISCA, pages 494-505. ACM, 2007.
47. Y. Yu, F.-X. Standaert, O. Pereira, and M. Yung. Practical leakage-resilient pseudorandom generators. In CCS, pages 141-151. ACM, 2010.
48. D. Zhang, A. Askarov, and A. C. Myers. Language-based control and mitigation of timing channels. In PLDI, pages 99-110. ACM, 2012.
49. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM side channels and their use to extract private keys. In CCS. ACM, 2012.