Write a Blog >>
ISSTA 2018
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
co-located with ECOOP and ISSTA 2018
Mon 16 Jul 2018 11:20 - 11:40 at Zurich II - Secure and Sound Chair(s): Cristian Cadar

We propose a method, based on program analysis and transformation, for eliminating timing side channels in software code that implements security-critical applications. Our method takes as input the original program together with a list of secret variables (e.g., cryptographic keys, security tokens, and passwords) and returns the transformed program as output. The transformed program is guaranteed to be functionally equivalent to the original program and free of both instruction- and cache-timing side channels. Specifically, we ensure (1) the number of CPU cycles taken to execute any path is independent of the secret data and (2) the cache behavior of memory accesses, in terms of misses/hits, is independent of the secret data. We have implemented our new method in LLVM and validated its effectiveness on a large set of applications, which are cryptographic libraries with 19,708 lines of C/C++ code in total. Our experiments show the method is both scalable for real applications and effective in eliminating timing side channels.

Mon 16 Jul

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:30
Secure and SoundISSTA Technical Papers at Zurich II
Chair(s): Cristian Cadar Imperial College London
11:00
20m
Talk
Lightweight Verification of Array Indexing
ISSTA Technical Papers
Martin Kellogg University of Washington, Seattle, Vlastimil Dort Charles University, Suzanne Millstein University of Washington, Michael D. Ernst University of Washington, USA
11:20
20m
Talk
Eliminating Timing Side-channel Leaks Using Program Repair
ISSTA Technical Papers
Meng Wu Virginia Tech, Shengjian (Daniel) Guo Virginia Tech, Patrick Schaumont Virginia Tech, Chao Wang University of Southern California
11:40
20m
Talk
Symbolic Path Cost Analysis for Side-Channel Detection
ISSTA Technical Papers
Tegan Brennan , Seemanta Saha University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara, Corina S. Păsăreanu NASA Ames Research Center
12:00
20m
Talk
Safe and Sound Program Analysis with Flix
ISSTA Technical Papers
Magnus Madsen Aalborg University, Ondřej Lhoták University of Waterloo, Canada
12:20
10m
Q&A in groups
ISSTA Technical Papers