An exploration of effective fuzzing for side‐channel cache leakage. (28th November 2019)
- Record Type:
- Journal Article
- Title:
- An exploration of effective fuzzing for side‐channel cache leakage. (28th November 2019)
- Main Title:
- An exploration of effective fuzzing for side‐channel cache leakage
- Authors:
- Basu, Tiyash
Aggarwal, Kartik
Wang, Chundong
Chattopadhyay, Sudipta
- Other Names:
- Saadatmand Mehrdad guestEditor.
Lindström Birgitta guestEditor.
Aichernig Bernhard K. guestEditor.
- Abstract:
- Summary: Adversaries can compute the secret information of a program, such as the key for encryption routines, from side channels in the light of timing‐based and access‐based CPU cache behaviours. As a result, it is crucial to understand whether a program is vulnerable to side‐channel cache leakage or not. Yet how we can find out such a vulnerability in a program remains a problem. In this paper, we revisit this problem and contemplate a test‐generation methodology, which, in both timing‐based and access‐based dimensions, systematically discovers the cache side‐channel leakage of an arbitrary software program. At the core of our test‐generation framework is an algorithm that explores the program's input space and adapts at runtime according to observed cache performance in the executed tests. We have implemented our test generator for timing‐based and access‐based attack tests and evaluated it with open‐source subject programs, including ones from OPENSSL and Linux GDK libraries. Our extensive evaluation effectively discloses the vulnerabilities of this real‐world software to both timing‐based and access‐based cache attacks. We also empirically show that our test generator achieves higher and comparable effectiveness, respectively, in simulations and real hardware platforms with regard to revealing cache side‐channel leakage than do state‐of‐the‐art fuzz testing tools.
Abstract: We formalize the coverage‐based test generation problem to discover side‐channel vulnerabilities in arbitrary programs. Based on this formalism, we then develop a search‐based test generation algorithm and instantiate it with timing‐ and access‐based cache side channels. Finally, we evaluate our test generation algorithm to show its efficacy over the state‐of‐the‐art fuzz testing tools on a controlled environment, on a mainstream system and on an embedded system.
- Is Part Of:
- Software testing, verification & reliability. Volume 30:Number 1(2020)
- Journal:
- Software testing, verification & reliability
- Issue:
- Volume 30:Number 1(2020)
- Issue Display:
- Volume 30, Issue 1 (2020)
- Year:
- 2020
- Volume:
- 30
- Issue:
- 1
- Issue Sort Value:
- 2020-0030-0001-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2019-11-28
- Subjects:
- side‐channel attacks -- cache timing attacks -- cache access attacks -- fuzzing
Computer software -- Testing -- Periodicals
Computer software -- Verification -- Periodicals
Computer software -- Reliability -- Periodicals
005.14
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/stvr.1718
- Languages:
- English
- ISSNs:
- 0960-0833
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8321.457500
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 17282.xml