Multi-run side-channel analysis using Symbolic Execution and Max-SMT

View/Open

Accepted Version (277.3Kb)

Publisher

IEEE

ISSN

0018-9324

Metadata

Show full item record

Abstract

Abstract—Side-channel attacks recover confidential information from non-functional characteristics of computations, such as time or memory consumption. We describe a program analysis that uses symbolic execution to quantify the information that is leaked to an attacker who makes multiple side-channel measurements. The analysis also synthesizes the concrete public inputs (the “attack”) that lead to maximum leakage, via a novel reduction to Max-SMT solving over the constraints collected with symbolic execution. Furthermore model counting and information-theoretic metrics are used to compute an attacker’s remaining uncertainty about a secret after a certain number of side-channel measurements are made. We have implemented the analysis in the Symbolic PathFinder tool and applied it in the context of password checking and cryptographic functions, showing how to obtain tight bounds on information leakage under a small number of attack steps.

Authors

MALACARIA, P; Pasareanu, C; Phan, Q-S; 29th IEEE Computer Security Foundations Symposium

URI

http://qmro.qmul.ac.uk/xmlui/handle/123456789/12478

Collections

College Publications [5182]

Copyright statements

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Browse

Administrators only

Statistics