Symbolic Verification of Cache Side-Channel Freedom

Cache timing attacks allow third-party observers to retrieve sensitive information from program executions. But, is it possible to automatically check the vulnerability of a program against cache timing attacks and then, automatically shield program executions against these attacks? For a given program, a cache configuration and an attack model, our CacheFix framework either verifies the cache side-channel freedom of the program or synthesizes a series of patches to ensure cache side-channel freedom during program execution. At the core of our framework is a novel symbolic verification technique based on automated abstraction refinement of cache semantics. The power of such a framework allows symbolic reasoning over counterexample traces and combines it with runtime monitoring for eliminating cache side channels during program execution. Our evaluation with routines from OpenSSL, libfixedtimefixedpoint, GDK, and FourQlib libraries reveals that our CacheFix approach (dis)proves cache side-channel freedom within an average of 75 s. In nearly all test cases, CacheFix synthesizes all patches within 20 min to ensure cache side-channel freedom of the respective routines during execution.

[1]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[2]  Stefan Mangard,et al.  ARMageddon: Cache Attacks on Mobile Devices , 2015, USENIX Security Symposium.

[3]  Jan Reineke,et al.  Security Analysis of Cache Replacement Policies , 2017, POST.

[4]  Sudipta Chattopadhyay Directed Automated Memory Performance Testing , 2017, TACAS.

[5]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[6]  Michael Backes,et al.  Automatic Discovery and Quantification of Information Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[7]  Roberto Guanciale,et al.  Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[8]  Stephen McCamant,et al.  Measuring channel capacity to distinguish undue influence , 2009, PLAS '09.

[9]  Corina S. Pasareanu,et al.  Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT , 2016, 2016 IEEE 29th Computer Security Foundations Symposium (CSF).

[10]  Gilles Barthe,et al.  Verifying Constant-Time Implementations , 2016, USENIX Security Symposium.

[11]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[12]  Michael Hicks,et al.  Decomposition instead of self-composition for proving the absence of timing channels , 2017, PLDI.

[13]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2016, Journal of Cryptographic Engineering.

[14]  Gilles Barthe,et al.  System-level Non-interference for Constant-time Cryptography , 2014, IACR Cryptol. ePrint Arch..

[15]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[16]  Armin Biere,et al.  Bounded Model Checking Using Satisfiability Solving , 2001, Formal Methods Syst. Des..

[17]  Stefan Mangard,et al.  Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches , 2015, USENIX Security Symposium.

[18]  Abhik Roychoudhury,et al.  Scalable and precise refinement of cache timing analysis via path-sensitive verification , 2013, Real-Time Systems.

[19]  Henrik Theiling,et al.  Fast and Precise WCET Prediction by Separated Cache and Path Analyses , 2000, Real-Time Systems.

[20]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[21]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[22]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[23]  Andreas Zeller,et al.  Quantifying the information leak in cache attacks via symbolic execution , 2017, MEMOCODE.

[24]  Sudipta Chattopadhyay,et al.  Testing Cache Side-Channel Leakage , 2017, 2017 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW).

[25]  Onur Aciiçmez,et al.  Trace-Driven Cache Attacks on AES , 2006, IACR Cryptol. ePrint Arch..

[26]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[27]  Laurent Mauborgne,et al.  Automatic Quantification of Cache Side-Channels , 2012, CAV.

[28]  Per Larsen,et al.  Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity , 2015, NDSS.

[29]  Stephan Krenn,et al.  Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice , 2011, 2011 IEEE Symposium on Security and Privacy.

[30]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[31]  Jan Reineke,et al.  CacheAudit: A Tool for the Static Analysis of Cache Side Channels , 2013, TSEC.