Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Cache behavior prediction by abstract interpretation
Science of Computer Programming
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
New cache designs for thwarting software cache-based side channel attacks
Proceedings of the 34th annual international symposium on Computer architecture
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
A static analysis for quantifying information flow in a simple imperative language
Journal of Computer Security
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
On the Foundations of Quantitative Information Flow
FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Quantitative Notions of Leakage for One-try Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
A Provably Secure and Efficient Countermeasure against Timing Attacks
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Automatic Discovery and Quantification of Information Leaks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Faster and Timing-Attack Resistant AES-GCM
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Remote timing attacks are practical
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Timing Aware Information Flow Security for a JavaCard-like Bytecode
Electronic Notes in Theoretical Computer Science (ENTCS)
Approximation and Randomization for Quantitative Information-Flow Analysis
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
A scalable segmented decision tree abstract domain
Time for verification
New results on instruction cache attacks
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Quantifying information leaks in software
Proceedings of the 26th Annual Computer Security Applications Conference
Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Trace-driven cache attacks on AES (short paper)
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Cache attacks and countermeasures: the case of AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Trace partitioning in abstract interpretation based static analyzers
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Calculating bounds on information leakage using two-bit patterns
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Predicting secret keys via branch prediction
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Cache based remote timing attack on the AES
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
An analytical model for time-driven cache attacks
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
QUAIL: a quantitative security analyzer for imperative code
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
The latency gap between caches and main memory has been successfully exploited for recovering sensitive input to programs, such as cryptographic keys from implementation of AES and RSA. So far, there are no practical general-purpose countermeasures against this threat. In this paper we propose a novel method for automatically deriving upper bounds on the amount of information about the input that an adversary can extract from a program by observing the CPU's cache behavior. At the heart of our approach is a novel technique for efficient counting of concretizations of abstract cache states that enables us to connect state-of-the-art techniques for static cache analysis and quantitative information-flow. We implement our counting procedure on top of the AbsInt TimingExplorer, one of the most advanced engines for static cache analysis. We use our tool to perform a case study where we derive upper bounds on the cache leakage of a 128-bit AES executable on an ARM processor. We also analyze this implementation with a commonly suggested (but until now heuristic) countermeasure applied, obtaining a formal account of the corresponding increase in security.