Validation of Side-Channel Models via Observation Refinement

Observational models enable the analysis of information flow properties against side channels. Relational testing has been used to validate the soundness of these models by measuring the side channel on states that the model considers indistinguishable. However, unguided search can generate test states that are too similar to each other to invalidate the model. To address this, we introduce observation refinement, a technique to guide the exploration of the state space so that it focuses on hardware features of interest. We refine observational models to include fine-grained observations that characterize behavior that we want to exclude. States that yield equivalent refined observations are then ruled out, reducing the size of the space. We have extended an existing model validation framework, Scam-V, to support refinement. We have evaluated the usefulness of refinement for search guidance by analyzing cache coloring and speculative leakage in the ARMv8-A architecture. As a surprising result, we have exposed SiSCLoak, a new vulnerability linked to speculative execution in Cortex-A53.
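The abstract describes refinement as a filter on relational test generation: pairs of states that the base model cannot distinguish are candidate tests, and pairs that are also equivalent under a finer observation are discarded. The following is an added illustration of that filtering step, not code from the paper or from Scam-V; the cache geometry, the `State` layout, the two observation functions and the cache-coloring flavour of the example (a set-index model refined by the full cache line) are all assumptions chosen for clarity, and `is_refinement` is an added sanity check that the finer observation really does refine the coarser one.

```python
# Constructed example: observation refinement as a filter for relational test
# generation. Illustrative code, not Scam-V's implementation; the cache geometry,
# state format and observation functions are assumptions made for this example.
from dataclasses import dataclass
from itertools import combinations
from typing import Callable, Hashable, Iterable, List, Tuple
import random

LINE_BITS = 6   # assumed 64-byte cache lines
SET_BITS = 7    # assumed 128 sets; not the real Cortex-A53 geometry


@dataclass(frozen=True)
class State:
    """A test state: the data addresses a fixed test program will load, in order."""
    addrs: Tuple[int, ...]


Obs = Callable[[State], Hashable]


def obs_base(state: State) -> Tuple[int, ...]:
    """Base observational model: only the cache-set index of each access is visible."""
    return tuple((a >> LINE_BITS) & ((1 << SET_BITS) - 1) for a in state.addrs)


def obs_refined(state: State) -> Tuple[int, ...]:
    """Refined observation: the whole cache line (tag and set) of each access.

    Two states with equal refined observations touch exactly the same lines, so a
    set-based channel cannot separate them; these are the 'too similar' pairs that
    unguided search keeps producing and that can never invalidate the base model."""
    return tuple(a >> LINE_BITS for a in state.addrs)


def is_refinement(states: Iterable[State], base: Obs, refined: Obs) -> bool:
    """Sanity check: equal refined observations must imply equal base observations.
    If this fails, `refined` is not a refinement and filtering on it would discard
    pairs the base model actually distinguishes."""
    seen = {}
    for s in states:
        prev = seen.setdefault(refined(s), base(s))
        if prev != base(s):
            return False
    return True


def candidate_pairs(states: Iterable[State], base: Obs, refined: Obs = None):
    """Pairs of states the base model considers indistinguishable.
    With `refined` given, pairs that are also equivalent under the refined
    observation are ruled out, shrinking the space the hardware must be measured on."""
    classes = {}
    for s in states:
        classes.setdefault(base(s), []).append(s)
    pairs = []
    for members in classes.values():
        for s1, s2 in combinations(members, 2):
            if refined is not None and refined(s1) == refined(s2):
                continue
            pairs.append((s1, s2))
    return pairs


def make_addr(tag: int, set_index: int, offset: int = 0) -> int:
    """Build an address from cache coordinates under the assumed address layout."""
    return (((tag << SET_BITS) | set_index) << LINE_BITS) | offset


def random_states(n: int, seed: int, loads: int = 2) -> List[State]:
    """Unguided generation: random addresses drawn from a small tag and set range
    so that base-model collisions (and near-duplicate states) are common."""
    rng = random.Random(seed)
    return [State(tuple(make_addr(rng.randrange(4), rng.randrange(8), rng.randrange(64))
                        for _ in range(loads)))
            for _ in range(n)]


def pair_counts(n: int = 200, seed: int = 1) -> Tuple[int, int]:
    """(unfiltered, filtered) candidate-pair counts for one random population."""
    states = random_states(n, seed)
    assert is_refinement(states, obs_base, obs_refined)
    return (len(candidate_pairs(states, obs_base)),
            len(candidate_pairs(states, obs_base, obs_refined)))


if __name__ == "__main__":
    unfiltered, filtered = pair_counts()
    print(f"base-equivalent pairs: {unfiltered}, after refinement: {filtered}")
```

Pairs that survive the filter are exactly those touching different lines that map to the same sets, which is the aliasing behaviour a set-based model has to account for; pairs differing only in the offset within a line are dropped before any hardware measurement is spent on them. The `is_refinement` check is worth keeping in a real harness, because a "refined" observation that is not actually finer than the base one would silently remove valid tests.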
