Validation of Abstract Side-Channel Models for Computer Architectures

Observational models make the analysis of information flow properties tractable by providing an abstraction of side channels. We introduce a methodology and a tool, Scam-V, to validate observational models for modern computer architectures. We combine symbolic execution, relational analysis, and different program generation techniques to generate experiments and validate the models. An experiment consists of a randomly generated program together with two inputs that are observationally equivalent according to the model under test. Validation is done by checking indistinguishability of the two inputs on real hardware by executing the program and analyzing the side channel. We have evaluated our framework by validating models that abstract the data-cache side channel of a Raspberry Pi 3 board with a processor implementing the ARMv8-A architecture. Our results show that Scam-V can identify bugs in the implementation of the models and generate test programs which invalidate the models due to hidden microarchitectural behavior.
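The validation loop described in the abstract, as a constructed toy example (not the paper's Scam-V tool, and not its ARMv8-A models). The example assumes a hypothetical 1 MiB address space, 64-byte lines and a 128-set, 4-way L1 data cache; the "hardware" is a simulated LRU cache whose final contents stand in for the measured side channel, and the hidden behaviour it exposes (an 8-byte load that straddles a line boundary touches two lines) is a constructed discrepancy, not a finding of the paper. The relational step is a brute-force search over inputs that differ in one variable, standing in for the paper's symbolic execution plus SMT-based relational analysis. Model A observes only the line of each load address and is invalidated; model B also accounts for access width and survives validation.

```python
"""Toy re-creation of a Scam-V style validation loop (constructed example)."""
import random
from dataclasses import dataclass
from typing import Callable, Dict, Iterator, List, Optional, Tuple

LINE_BITS = 6                # 64-byte cache lines (assumption)
NUM_SETS, WAYS = 128, 4      # hypothetical L1 D-cache geometry (assumption)
ADDR_MASK = (1 << 20) - 1    # 1 MiB toy address space (assumption)
ACCESS_WIDTH = 8             # every load is an 8-byte access


@dataclass(frozen=True)
class Load:
    """One load instruction: address = base + coeff * input[var]."""
    base: int
    coeff: int
    var: int


Program = List[Load]
Inputs = Tuple[int, ...]
Model = Callable[[Program, Inputs], tuple]


def gen_program(rng: random.Random, n_loads: int = 4, n_vars: int = 2) -> Program:
    """Random program generation: loads whose addresses depend on the inputs."""
    return [Load(rng.randrange(ADDR_MASK + 1), rng.choice([1, 2, 4]), rng.randrange(n_vars))
            for _ in range(n_loads)]


def addresses(prog: Program, inputs: Inputs) -> List[int]:
    return [(ld.base + ld.coeff * inputs[ld.var]) & ADDR_MASK for ld in prog]


def model_line_only(prog: Program, inputs: Inputs) -> tuple:
    """Model A: the attacker observes the cache line of each load address."""
    return tuple(a >> LINE_BITS for a in addresses(prog, inputs))


def lines_touched(addr: int) -> Tuple[int, ...]:
    """Lines an 8-byte access really touches: two if it straddles a line boundary."""
    first, last = addr >> LINE_BITS, (addr + ACCESS_WIDTH - 1) >> LINE_BITS
    return (first,) if first == last else (first, last)


def model_line_with_width(prog: Program, inputs: Inputs) -> tuple:
    """Model B: refined to account for line-crossing accesses."""
    return tuple(lines_touched(a) for a in addresses(prog, inputs))


def hardware_cache_state(prog: Program, inputs: Inputs) -> Dict[int, Tuple[int, ...]]:
    """Simulated side channel: final contents of a 4-way LRU cache after the run
    (constructed stand-in for measuring the real data cache)."""
    sets: Dict[int, List[int]] = {}
    for a in addresses(prog, inputs):
        for line in lines_touched(a):
            s, tag = line % NUM_SETS, line // NUM_SETS
            ways = sets.setdefault(s, [])
            if tag in ways:
                ways.remove(tag)
            ways.append(tag)          # most recently used goes last
            if len(ways) > WAYS:
                ways.pop(0)           # evict the least recently used tag
    return {s: tuple(w) for s, w in sets.items()}


def equivalent_inputs(prog: Program, inputs1: Inputs, model: Model) -> Iterator[Inputs]:
    """Relational search: inputs that differ from inputs1 in one variable by less
    than a line and that the model cannot distinguish from inputs1."""
    obs1 = model(prog, inputs1)
    for v in range(len(inputs1)):
        for d in range(-(1 << LINE_BITS) + 1, 1 << LINE_BITS):
            if d == 0:
                continue
            inputs2 = inputs1[:v] + (inputs1[v] + d,) + inputs1[v + 1:]
            if model(prog, inputs2) == obs1:
                yield inputs2


def run_experiment(prog: Program, inputs1: Inputs, model: Model) -> Optional[Inputs]:
    """One experiment: a model-equivalent input the hardware distinguishes, or None."""
    hw1 = hardware_cache_state(prog, inputs1)
    for inputs2 in equivalent_inputs(prog, inputs1, model):
        if hardware_cache_state(prog, inputs2) != hw1:
            return inputs2
    return None


def validate(model: Model, experiments: int, seed: int = 1,
             n_vars: int = 2) -> Optional[Tuple[Program, Inputs, Inputs]]:
    """Run experiments on random programs; return the first counterexample, if any."""
    rng = random.Random(seed)
    for _ in range(experiments):
        prog = gen_program(rng, n_vars=n_vars)
        inputs1 = tuple(rng.randrange(64, 1 << 12) for _ in range(n_vars))
        counter = run_experiment(prog, inputs1, model)
        if counter is not None:
            return prog, inputs1, counter
    return None


if __name__ == "__main__":
    for name, model in [("A (line only)", model_line_only),
                        ("B (line + width)", model_line_with_width)]:
        result = validate(model, experiments=300)
        if result is None:
            print(f"model {name}: no counterexample in 300 experiments")
        else:
            prog, i1, i2 = result
            print(f"model {name} invalidated: {i1} and {i2} are equivalent for the "
                  f"model but leave different cache states")
```

Model B is sound with respect to this simulated hardware by construction, since the cache state is a function of the sequence of touched lines that B observes; in the real setting that relationship is exactly what the experiments are meant to test, because the hardware's behaviour is not available as a function to inspect.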
