Eliminating Timing Side-channel Leaks Using Program Repair (ISSTA 2018 - ISSTA Technical Papers)

Write a Blog >>

Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands

co-located with ECOOP and ISSTA 2018

Who

Meng Wu, Shengjian (Daniel) Guo, Patrick Schaumont, Chao Wang

Track

ISSTA 2018 ISSTA Technical Papers

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Mon 16 Jul 2018 11:20 - 11:40 at Zurich II - Secure and Sound Chair(s): Cristian Cadar

Abstract

We propose a method, based on program analysis and transformation, for eliminating timing side channels in software code that implements security-critical applications. Our method takes as input the original program together with a list of secret variables (e.g., cryptographic keys, security tokens, and passwords) and returns the transformed program as output. The transformed program is guaranteed to be functionally equivalent to the original program and free of both instruction- and cache-timing side channels. Specifically, we ensure (1) the number of CPU cycles taken to execute any path is independent of the secret data and (2) the cache behavior of memory accesses, in terms of misses/hits, is independent of the secret data. We have implemented our new method in LLVM and validated its effectiveness on a large set of applications, which are cryptographic libraries with 19,708 lines of C/C++ code in total. Our experiments show the method is both scalable for real applications and effective in eliminating timing side channels.

Meng Wu

Virginia Tech

China

Shengjian (Daniel) Guo

Virginia Tech

Patrick Schaumont

Virginia Tech

Chao Wang

University of Southern California

United States

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Mon 16 Jul
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:30	Secure and SoundISSTA Technical Papers at Zurich II Chair(s): Cristian Cadar Imperial College London

11:00 20m Talk		Lightweight Verification of Array Indexing ISSTA Technical Papers Martin Kellogg University of Washington, Seattle, Vlastimil Dort Charles University, Suzanne Millstein University of Washington, Michael D. Ernst University of Washington, USA
11:20 20m Talk		Eliminating Timing Side-channel Leaks Using Program Repair ISSTA Technical Papers Meng Wu Virginia Tech, Shengjian (Daniel) Guo Virginia Tech, Patrick Schaumont Virginia Tech, Chao Wang University of Southern California
11:40 20m Talk		Symbolic Path Cost Analysis for Side-Channel Detection ISSTA Technical Papers Tegan Brennan , Seemanta Saha University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara, Corina S. Păsăreanu NASA Ames Research Center
12:00 20m Talk		Safe and Sound Program Analysis with Flix ISSTA Technical Papers Magnus Madsen Aalborg University, Ondřej Lhoták University of Waterloo, Canada
12:20 10m		Q&A in groups ISSTA Technical Papers