Decomposition Instead of Self-Composition for k-Safety

We describe a novel technique for proving k-safety properties (non-interference, determinism, etc.) via a decomposition that enables one to leverage non-relational reasoning techniques. The key is the inter-operation of the following principles. First, we observe that many k-safety properties of interest have a particular structure that we call ψ-quotient partitionability, where ψ is a k-ary formula. Second, we develop a partitioning strategy of execution traces based on the k-safety property Φ of interest such that if ψ holds for k traces then they must be in the same partition. Finally, within a partition component T_i, we observe that we can prove k-safety by instead proving a universal property: all traces within the partition satisfy some common property P_i, chosen to be strong enough that it implies the k-safety property Φ for any k-tuple of traces in component T_i. We apply this strategy to the task of discovering timing side channels. A key feature of our approach is a demand-driven partitioning strategy that uses high/low-annotated regex-like trails to reason about one partition component of execution traces at a time. We have applied our technique in a prototype implementation tool called Blazer, based on WALA, PPL, Z3, and the brics automaton library. We have proved non-interference of (or synthesized an attack specification for) 25 programs written in Java bytecode, including 7 classic examples from the literature, and 6 examples extracted from the DARPA STAC challenge problems.
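Added example (not from the paper or the Blazer tool): a toy Python checker that applies the decomposition to a timing 2-safety property. It assumes a trace is a constructed (low input, high input, step count) triple, takes ψ to be "same low input", and compares the partition-based check with a direct pairwise (self-composition style) check over the same traces.

```python
from collections import defaultdict
from itertools import combinations, product

# Phi (2-safety): two traces with equal low input must have equal step
# counts. psi(t1, t2) = "same low input", so grouping traces by low input
# is a psi-quotient partition: psi-related traces land in one component.


def leaky_compare(secret, guess):
    # Early-exit comparison: step count depends on the secret (high) prefix.
    steps = 0
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return len(secret) == len(guess), steps


def constant_time_compare(secret, guess):
    # Accumulates a difference mask; step count depends only on lengths.
    steps, diff = 0, len(secret) ^ len(guess)
    for s, g in zip(secret, guess):
        steps += 1
        diff |= ord(s) ^ ord(g)
    return diff == 0, steps


def traces(program, highs, lows):
    # Exhaustively enumerate (low, high, steps) over a constructed input space.
    return [(low, high, program(high, low)[1]) for high, low in product(highs, lows)]


def check_by_decomposition(trs):
    """Partition by low input, then prove the universal property P_i
    'every trace in component i has step count c_i'. P_i implies Phi for
    any pair in the component. Returns None if Phi holds, else a witness
    pair of traces (an attack specification) from a violating component."""
    parts = defaultdict(list)
    for t in trs:
        parts[t[0]].append(t)
    for comp in parts.values():
        c_i = comp[0][2]
        for t in comp:
            if t[2] != c_i:
                return (comp[0], t)
    return None


def check_by_self_composition(trs):
    """Reference: Phi checked directly on every pair of traces."""
    for t1, t2 in combinations(trs, 2):
        if t1[0] == t2[0] and t1[2] != t2[2]:
            return (t1, t2)
    return None


HIGHS = ["ab", "ac", "bb"]          # constructed secrets
LOWS = ["ab", "ac", "bb", "aa"]     # constructed attacker-chosen guesses
```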
