Quantifying the Information Leakage in Cache Attacks via Symbolic Execution

Chattopadhyay, Sudipta and Beck, Moritz and Rezine, Ahmed and Zeller, Andreas
(2019) Quantifying the Information Leakage in Cache Attacks via Symbolic Execution.
ACM Trans. Embed. Comput. Syst., 18 (1).

[img]
Preview
 Text
3288758.pdf
Download (1MB) | Preview
Official URL: https://doi.org/10.1145/3288758

Abstract

Cache attacks allow attackers to infer the properties of a secret execution by observing cache hits and misses. But how much information can actually leak through such attacks? For a given program, a cache model, and an input, our CHALICE framework leverages symbolic execution to compute the amount of information that can possibly leak through cache attacks. At the core of CHALICE is a novel approach to quantify information leakage that can highlight critical cache side-channel leakage on arbitrary binary code. In our evaluation on real-world programs from OpenSSL and Linux GDK libraries, CHALICE effectively quantifies information leakage: For an AES-128 implementation on Linux, for instance, CHALICE finds that a cache attack can leak as much as 127 out of 128 bits of the encryption key.

Item Type: Article
Uncontrolled Keywords: cache, security, symbolic execution, Side channel
Divisions: Andreas Zeller (Software Engineering, ST)
Depositing User: Andreas Zeller
Date Deposited: 26 May 2020 08:52
Last Modified: 18 Jun 2020 10:03
Primary Research Area: NRA3: Threat Detection and Defenses
URI: https://publications.cispa.saarland/id/eprint/3066

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.