Write a Blog >>
ICSE 2021
Mon 17 May - Sat 5 June 2021

Side-channel attacks allow adversaries to infer sensitive information from non-functional characteristics. Prior side-channel detection work is able to identify numerous potential vulnerabilities. However, in practice, many such vulnerabilities leak a negligible amount of sensitive information, and thus developers are often reluctant to address them. Existing tools do not provide information to evaluate a leak’s severity, such as the number of leaked bits.

To address this issue, we propose a new program analysis method to precisely quantify the leaked information in a single-trace attack through side-channels. It can identify covert information flows in programs that expose confidential information and can reason about security flaws that would otherwise be difficult, if not impossible, for a developer to find. We model an attacker’s observation of each leakage site as a constraint. We use symbolic execution to generate these constraints and then run Monte Carlo sampling to estimate the number of leaked bits for each leakage site. By applying the Central Limit Theorem, we provide an error bound for these estimations.

We have implemented the technique in a tool called Abacus, which not only finds very fine-grained side-channel vulnerabilities but also estimates how many bits are leaked. Abacus outperforms existing dynamic side-channel detection tools in performance and accuracy. We evaluate Abacus on OpenSSL, mbedTLS, Libgcrypt, and Monocypher. Our results demonstrate that most reported vulnerabilities are difficult to exploit in practice and should be de-prioritized by developers. We also find several sensitive vulnerabilities that are missed by the existing tools. We confirm those vulnerabilities with manual checks and by contacting the developers.

Tue 25 May

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:40 - 17:35
1.4.3. Identifying Information LeaksNIER - New Ideas and Emerging Results / Technical Track at Blended Sessions Room 3 +12h
Chair(s): Oscar Dieste Universidad Politécnica de Madrid
16:40
15m
Paper
An Axiomatic Approach to Detect Information Leaks in Concurrent ProgramsNIER
NIER - New Ideas and Emerging Results
Sandip Ghosal Indian Institute of Technology, Bombay, R.K. Shyamasundar Indian Institute of Technology, Bombay
Pre-print Media Attached
16:55
20m
Paper
Abacus: Precise Side-Channel AnalysisArtifact ReusableTechnical Track
Technical Track
Qinkun Bao The Pennsylvania State University, Zihao Wang The Pennsylvania State University, Xiaoting Li Penn State University, James Larus EPFL, Dinghao Wu The Pennsylvania State University
Pre-print Media Attached
17:15
20m
Paper
Data-Driven Synthesis of a Provably Sound Side Channel AnalysisTechnical Track
Technical Track
Jingbo Wang University of Southern California, Chungha Sung University of Southern California, Mukund Raghothaman University of Southern California, Chao Wang USC
Pre-print Media Attached

Wed 26 May

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

04:40 - 05:35
04:40
15m
Paper
An Axiomatic Approach to Detect Information Leaks in Concurrent ProgramsNIER
NIER - New Ideas and Emerging Results
Sandip Ghosal Indian Institute of Technology, Bombay, R.K. Shyamasundar Indian Institute of Technology, Bombay
Pre-print Media Attached
04:55
20m
Paper
Abacus: Precise Side-Channel AnalysisArtifact ReusableTechnical Track
Technical Track
Qinkun Bao The Pennsylvania State University, Zihao Wang The Pennsylvania State University, Xiaoting Li Penn State University, James Larus EPFL, Dinghao Wu The Pennsylvania State University
Pre-print Media Attached
05:15
20m
Paper
Data-Driven Synthesis of a Provably Sound Side Channel AnalysisTechnical Track
Technical Track
Jingbo Wang University of Southern California, Chungha Sung University of Southern California, Mukund Raghothaman University of Southern California, Chao Wang USC
Pre-print Media Attached