ct-fuzz: Fuzzing for Timing Leaks

Testing-based methodologies like fuzzing are able to analyze complex software which is not amenable to traditional formal approaches like verification, model checking, and abstract interpretation. Despite enormous success a texposing countless security vulnerabilities in many popular software projects, applications of testing-based approaches mainly targeted checking traditional safety properties like memory safety. While unquestionably important, this class of properties does not precisely characterize other important security aspects such as information leakage, e.g., through side channels.In this work we extend testing-based software analysis methodologies to two-safety properties, which enables the precise discovery of information leaks in complex software. In particular, we present the ct-fuzz tool, which lends coverage-guided grey box fuzzers the ability to detect two safety property violations. Our approach is capable of exposing violations to any two-safety property expressed a sequality between two program traces. Empirically, we demonstrate that ct-fuzz swiftly reveals timing leaks in popular cryptographic implementations.

[1]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[2]  Abhik Roychoudhury,et al.  Symbolic Verification of Cache Side-Channel Freedom , 2018, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[3]  Konstantin Serebryany,et al.  MemorySanitizer: Fast detector of uninitialized memory use in C++ , 2015, 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO).

[4]  Xiao Liu,et al.  CacheD: Identifying Cache-Based Timing Channels in Production Software , 2017, USENIX Security Symposium.

[5]  Fernando Magno Quintão Pereira,et al.  Sparse representation of implicit flows with applications to side-channel detection , 2016, CC.

[6]  Michael Hicks,et al.  Decomposition instead of self-composition for proving the absence of timing channels , 2017, PLDI.

[7]  Julien Signoles,et al.  Experience report: OCaml for an industrial-strength static analysis framework , 2009, ICFP.

[8]  Thomas Eisenbarth,et al.  MicroWalk: A Framework for Finding Side Channels in Binaries , 2018, ACSAC.

[9]  Amir Pnueli,et al.  CoVaC: Compiler Validation by Program Analysis of the Cross-Product , 2008, FM.

[10]  Derek Bruening,et al.  AddressSanitizer: A Fast Address Sanity Checker , 2012, USENIX Annual Technical Conference.

[11]  Zvonimir Rakamaric,et al.  SMACK: Decoupling Source Language Details from Verifier Implementations , 2014, CAV.

[12]  Pedro R. D'Argenio,et al.  Secure information flow by self-composition , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[13]  Quoc-Sang Phan,et al.  Self-composition by Symbolic Execution , 2013, ICCSW.

[14]  Xavier Leroy,et al.  A Formally Verified Compiler Back-end , 2009, Journal of Automated Reasoning.

[15]  Sarfraz Khurshid,et al.  Test input generation with java PathFinder , 2004, ISSTA '04.

[16]  Zohar Manna,et al.  Temporal Verification of Reactive Systems , 1995, Springer New York.

[17]  Jun Zhang,et al.  SCI nfer : Refinement-based Verification of Software Countermeasures against Side-Channel Attacks ? , 2018 .

[18]  Chao Wang,et al.  CANAL: A Cache Timing Analysis Framework via LLVM Transformation , 2018, 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[19]  Andreas Zeller,et al.  Detecting information flow by mutating input data , 2017, 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[20]  Abhik Roychoudhury,et al.  Coverage-Based Greybox Fuzzing as Markov Chain , 2017, IEEE Trans. Software Eng..

[21]  Dave Clarke,et al.  Noninterference via Symbolic Execution , 2012, FMOODS/FORTE.

[22]  Konstantin Serebryany,et al.  Dynamic Race Detection with LLVM Compiler - Compile-Time Instrumentation for ThreadSanitizer , 2011, RV.

[23]  Mads Dam,et al.  ENCoVer: Symbolic Exploration for Information Flow Security , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[24]  Meng Wu,et al.  Eliminating timing side-channel leaks using program repair , 2018, ISSTA.

[25]  Goran Doychev,et al.  Rigorous analysis of software countermeasures against cache attacks , 2017, PLDI.

[26]  Serdar Tasiran,et al.  SideTrail: Verifying Time-Balancing of Cryptosystems , 2018, VSTTE.

[27]  John McLean,et al.  A general theory of composition for trace sets closed under selective interleaving functions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[28]  Manuel Barbosa,et al.  Formal verification of side-channel countermeasures using self-composition , 2013, Sci. Comput. Program..

[29]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[30]  Vikram S. Adve,et al.  The LLVM Compiler Framework and Infrastructure Tutorial , 2004, LCPC.

[31]  Georg Sigl,et al.  DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries , 2018, USENIX Security Symposium.

[32]  Gilles Barthe,et al.  Verifying Constant-Time Implementations , 2016, USENIX Security Symposium.

[33]  Abhik Roychoudhury,et al.  Directed Greybox Fuzzing , 2017, CCS.

[34]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[35]  Alexander Aiken,et al.  Secure Information Flow as a Safety Problem , 2005, SAS.

[36]  Gilles Barthe,et al.  System-level Non-interference for Constant-time Cryptography , 2014, IACR Cryptol. ePrint Arch..

[37]  Ingrid Verbauwhede,et al.  Dude, is my code constant time? , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[38]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[39]  Jan Reineke,et al.  CacheAudit: A Tool for the Static Analysis of Cache Side Channels , 2013, TSEC.

[40]  Xavier Leroy,et al.  A Formally-Verified C Static Analyzer , 2015, POPL.

[41]  Sharad Malik,et al.  Lazy Self-composition for Security Verification , 2018, CAV.

[42]  David Pichardie,et al.  Verifying constant-time implementations by abstract interpretation , 2019, J. Comput. Secur..