Abstract
As one of the fundamental optimizations in modern processors, the out-of-order execution boosts the pipeline throughput by executing independent instructions in parallel rather than in their program orders. However, due to the side effects introduced by such microarchitectural optimization to the CPU cache, secret-critical applications may suffer from timing side-channel leaks. This paper presents a symbolic execution-based technique, named SymO3, for exposing cache timing leaks under the context of out-of-order execution. SymO3 proposes new components that address the modeling, reduction, and reasoning challenges of accommodating program analysis to the software code out-of-order analysis. We implemented SymO3 upon KLEE and conducted three evaluations on it. Experimental results show that SymO3 successfully uncovers a set of cache timing leaks in five real-world programs. Also, SymO3 finds that, in general, program transformation from compiler optimizations shrink the surface to timing leaks. Furthermore, augmented with a speculative execution modeling, SymO3 identifies five more leaky programs based on the compound analysis.
Supplemental Material
- A. Abel and J. Reineke. uops.info: Characterizing latency, throughput, and port usage of instructions on intel microarchitectures. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019, Providence, RI, USA, April 13-17, 2019, pages 673-686, 2019.Google Scholar
Digital Library
- A. C. Aldaya, C. P. García, L. M. A. Tapia, and B. B. Brumley. Cache-timing attacks on RSA key generation. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2019 (4): 213-242, 2019. doi: 10.13154/tches.v2019. i4. 213-242. URL https://doi.org/10.13154/ tches.v2019. i4. 213-242. Google Scholar
Cross Ref
- T. Antonopoulos, P. Gazzillo, M. Hicks, E. Koskinen, T. Terauchi, and S. Wei. Decomposition instead of self-composition for proving the absence of timing channels. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18-23, 2017, pages 362-375, 2017.Google Scholar
Digital Library
- L. Bang, A. Aydin, Q. Phan, C. S. Pasareanu, and T. Bultan. String analysis for side channels with segmented oracles. In Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2016, Seattle, WA, USA, November 13-18, 2016, pages 193-204, 2016.Google Scholar
Digital Library
- L. Bang, N. Rosner, and T. Bultan. Online synthesis of adaptive side-channel attacks based on noisy observations. In 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, April 24-26, 2018, pages 307-322, 2018.Google Scholar
Cross Ref
- G. Barthe, B. Köpf, L. Mauborgne, and M. Ochoa. Leakage resilience against concurrent cache attacks. In Principles of Security and Trust-Third International Conference, POST 2014, pages 140-158, 2014.Google Scholar
Cross Ref
- T. Basu and S. Chattopadhyay. Testing cache side-channel leakage. In 2017 IEEE International Conference on Software Testing, Verification and Validation Workshops, ICST Workshops 2017, Tokyo, Japan, March 13-17, 2017, pages 51-60, 2017.Google Scholar
Cross Ref
- T. Basu, K. Aggarwal, C. Wang, and S. Chattopadhyay. An exploration of efective fuzzing for side-channel cache leakage. Softw. Test., Verif. Reliab., 30 ( 1 ), 2020.Google Scholar
- T. Bergan, D. Grossman, and L. Ceze. Symbolic execution of multithreaded programs from arbitrary program contexts. In OOPSLA, pages 491-506, 2014.Google Scholar
Digital Library
- R. Brotzman, S. Liu, D. Zhang, G. Tan, and M. T. Kandemir. Casym: Cache aware symbolic execution for side channel detection and mitigation. In 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019, pages 505-521. IEEE, 2019.Google Scholar
Cross Ref
- S. Bucur, V. Ureche, C. Zamfir, and G. Candea. Parallel symbolic execution for automated real-world software testing. In European Conference on Computer Systems, Proceedings of the Sixth European conference on Computer systems, EuroSys 2011, Salzburg, Austria, April 10-13, 2011, pages 183-198, 2011.Google Scholar
Digital Library
- J. V. Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx. Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018., pages 991-1008, 2018.Google Scholar
- D. Burger and T. M. Austin. The simplescalar tool set, version 2.0. ACM SIGARCH computer architecture news, 25 ( 3 ): 13-25, 1997.Google Scholar
- C. Cadar. Targeted program transformations for symbolic execution. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2015, Bergamo, Italy, August 30-September 4, 2015, pages 906-909, 2015.Google Scholar
Digital Library
- C. Cadar, D. Dunbar, and D. R. Engler. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8-10, 2008, San Diego, California, USA, Proceedings, pages 209-224, 2008.Google Scholar
- S. K. Cha, T. Avgerinos, A. Rebert, and D. Brumley. Unleashing mayhem on binary code. In IEEE Symposium on Security and Privacy, SP 2012, 21-23 May 2012, San Francisco, California, USA, pages 380-394, 2012.Google Scholar
Digital Library
- S. Chattopadhyay. Directed automated memory performance testing. In Tools and Algorithms for the Construction and Analysis of Systems-23rd International Conference, TACAS 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS, pages 38-55, 2017.Google Scholar
Digital Library
- S. Chattopadhyay, M. Beck, A. Rezine, and A. Zeller. Quantifying the information leak in cache attacks via symbolic execution. In Proceedings of the 15th ACM-IEEE International Conference on Formal Methods and Models for System Design, MEMOCODE 2017, Vienna, Austria, September 29-October 02, 2017, pages 25-35, 2017.Google Scholar
Digital Library
- J. Chen, Y. Feng, and I. Dillig. Precise detection of side-channel vulnerabilities using quantitative cartesian hoare logic. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 875-890, 2017.Google Scholar
Digital Library
- J. Chen, W. Hu, L. Zhang, D. Hao, S. Khurshid, and L. Zhang. Learning to accelerate symbolic execution via code transformation. In 32nd European Conference on Object-Oriented Programming, ECOOP 2018, July 16-21, 2018, Amsterdam, The Netherlands, pages 6 : 1-6 : 27, 2018.Google Scholar
- D. Chu, J. Jafar, and R. Maghareh. Precise cache timing analysis via symbolic execution. In 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), Vienna, Austria, April 11-14, 2016, pages 293-304, 2016.Google Scholar
Cross Ref
- L. Ciortea, C. Zamfir, S. Bucur, V. Chipounov, and G. Candea. Cloud9: a software testing service. Operating Systems Review, 43 ( 4 ): 5-10, 2009.Google Scholar
Digital Library
- L. A. Clarke. A program testing system. In Proceedings of the 1976 Annual Conference, Houston, Texas, USA, October 20-22, 1976, pages 488-491, 1976.Google Scholar
Digital Library
- A. Colin and I. Puaut. Worst case execution time analysis for a processor with branch prediction. Real-Time Systems, 18 ( 2-3 ): 249-274, 2000.Google Scholar
Digital Library
- B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In 2009 30th IEEE Symposium on Security and Privacy, pages 45-60, May 2009. doi: 10.1109/SP. 2009. 19.Google Scholar
Digital Library
- M. Dellinger, P. Garyali, and B. Ravindran. chronos. Chronos linux: a bestefort real-time multiprocessor linux kernel, 2011.Google Scholar
- J. Dhem, F. Koeune, P. Leroux, P. Mestré, J. Quisquater, and J. Willems. A practical implementation of the timing attack. In Smart Card Research and Applications, This International Conference, CARDIS '98, Louvain-la-Neuve, Belgium, September 14-16, 1998, Proceedings, pages 167-182, 1998.Google Scholar
- D. Dinu, Y. L. Corre, D. Khovratovich, L. Perrin, J. Großschädl, and A. Biryukov. triathlon. Triathlon of lightweight block ciphers for the internet of things., 2015.Google Scholar
- C. Disselkoen, D. Kohlbrenner, L. Porter, and D. M. Tullsen. Prime+abort: A timer-free high-precision L3 cache attack using intel TSX. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017., pages 51-67, 2017.Google Scholar
- S. Dong, O. Olivo, L. Zhang, and S. Khurshid. Studying the influence of standard compiler optimizations on symbolic execution. In 26th IEEE International Symposium on Software Reliability Engineering, ISSRE 2015, Gaithersbury, MD, USA, November 2-5, 2015, pages 205-215, 2015.Google Scholar
Digital Library
- G. Doychev and B. Köpf. Rigorous analysis of software countermeasures against cache attacks. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, June 18-23, 2017, pages 406-421, 2017.Google Scholar
Digital Library
- G. Doychev, D. Feld, B. Köpf, L. Mauborgne, and J. Reineke. Cacheaudit: A tool for the static analysis of cache side channels. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013, pages 431-446, 2013.Google Scholar
- Y. Etsion. Computer Architecture: Out-of-order Execution. https://iis-people.ee.ethz.ch/~gmichi/asocd/addinfo/Out-ofOrder_execution.pdf, 2013.Google Scholar
- C. Flanagan and P. Godefroid. Dynamic partial-order reduction for model checking software. In J. Palsberg and M. Abadi, editors, Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005, Long Beach, California, USA, January 12-14, 2005, pages 110-121. ACM, 2005.Google Scholar
- FourQLib. FourQLib. https://github.com/Microsoft/FourQlib/, 2020.Google Scholar
- freeradius. freeradius. https://freeradius.org/, 2020.Google Scholar
- GDK. GDK. GDK Library https://developer.gnome. org/gdk3/3.22/, 2018.Google Scholar
- glibc. glibc-2. 29.9000. https://www.gnu.org/software/libc/, 2019.Google Scholar
- B. Gras, K. Razavi, E. Bosman, H. Bos, and C. Giufrida. ASLR on the line: Practical cache attacks on the MMU. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26-March 1, 2017. The Internet Society, 2017.Google Scholar
Cross Ref
- D. Gruss, C. Maurice, K. Wagner, and S. Mangard. Flush+flush: A fast and stealthy cache attack. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment-Volume 9721, DIMVA 2016, page 279-299, Berlin, Heidelberg, 2016. Springer-Verlag. ISBN 9783319406664.Google Scholar
Digital Library
- M. Guarnieri, B. Köpf, J. F. Morales, J. Reineke, and A. Sánchez. Spectector: Principled detection of speculative information lfows. In 2020 IEEE Symposium on Security and Privacy, SP 2020, San Francisco, CA, USA, May 18-21, 2020, pages 1-19. IEEE, 2020. doi: 10.1109/SP40000. 2020.00011. URL https://doi.org/10.1109/SP40000. 2020. 00011. Google Scholar
Cross Ref
- S. Guo, M. Kusano, C. Wang, Z. Yang, and A. Gupta. Assertion guided symbolic execution of multithreaded programs. In ACM SIGSOFT Symposium on Foundations of Software Engineering, pages 854-865, 2015.Google Scholar
Digital Library
- S. Guo, M. Wu, and C. Wang. Adversarial symbolic execution for detecting concurrency-related cache timing leaks. In Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT FSE 2018, Lake Buena Vista, FL, USA, November 04-09, 2018, pages 377-388, 2018.Google Scholar
Digital Library
- S. Guo, Y. Chen, P. Li, Y. Cheng, H. Wang, M. Wu, and Z. Zuo. Specusym: Speculative symbolic execution for cache timing leak detection. In Proceedings of the 42th International Conference on Software Engineering: Companion Proceeedings, ICSE 2020, Seoul, South Korea, pages 1235-1247, 2020. doi: 10.1145/3377811.3380428. URL https://doi.org/10.1145/3377811.3380428. Google Scholar
Digital Library
- J. Gustafsson, A. Betts, A. Ermedahl, and B. Lisper. [email protected]. The Mälardalen WCET Benchmarks-Past, Present and Future, 2010.Google Scholar
- T. Gysi, T. Grosser, L. Brandner, and T. Hoefler. A fast analytical model of fully associative caches. In K. S. McKinley and K. Fisher, editors, Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2019, Phoenix, AZ, USA, June 22-26, 2019, pages 816-829. ACM, 2019.Google Scholar
Digital Library
- S. He, M. Emmi, and G. F. Ciocarlie. ct-fuzz: Fuzzing for timing leaks. CoRR, abs/ 1904.07280, 2019.Google Scholar
- Intel. The SkyLake Microarchitecture. https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf, 2016.Google Scholar
- J. C. King. Symbolic execution and program testing. Commun. ACM, 19 ( 7 ): 385-394, 1976.Google Scholar
Digital Library
- KLEE-Native. Binary Symbolic Execution with KLEE-Native. https://github.com/lifting-bits/klee#klee-native, 2019.Google Scholar
- P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre attacks: Exploiting speculative execution. In 40th IEEE Symposium on Security and Privacy (S&P'19), 2019.Google Scholar
Cross Ref
- P. C. Kocher. Timing attacks on implementations of difie-hellman, rsa, dss, and other systems. In Advances in Cryptology-CRYPTO '96, 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 1996, Proceedings, pages 104-113, 1996.Google Scholar
- M. Kusano and C. Wang. Thread-modular static analysis for relaxed memory models. In E. Bodden, W. Schäfer, A. van Deursen, and A. Zisman, editors, Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4-8, 2017, pages 337-348. ACM, 2017.Google Scholar
Digital Library
- S. K. Lahiri, S. A. Seshia, and R. E. Bryant. Modeling and verification of out-of-order microprocessors in uclid. In International Conference on Formal Methods in Computer-Aided Design, pages 142-159. Springer, 2002.Google Scholar
Cross Ref
- C. Lattner and V. S. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In 2nd IEEE/ACM International Symposium on Code Generation and Optimization, 20-24 March 2004, San Jose, CA, USA, pages 75-88, 2004.Google Scholar
Cross Ref
- C. Lee, M. Potkonjak, and W. Mangione-Smith. mediabench. MediaBench: a tool for evaluating and synthesizing multimedia and communications systems, 1997.Google Scholar
- X. Li, A. Roychoudhury, and T. Mitra. Modeling out-of-order processors for software timing analysis. In Proceedings of the 25th IEEE Real-Time Systems Symposium, 5-8 December 2004, Lisbon, Portugal, pages 92-103, 2004.Google Scholar
Digital Library
- X. Li, A. Roychoudhury, and T. Mitra. Modeling out-of-order processors for WCET analysis. Real-Time Systems, 34 ( 3 ): 195-227, 2006.Google Scholar
Digital Library
- libfixedtimefixedpoint. libfixedtimefixedpoint. A library for doing constant-time fixed-point numeric operations: https://github.com/kmowery/libfixedtimefixedpoint/, 2017.Google Scholar
- Libgcrypt. Libgcrypt-1.8.4. https://gnupg.org/software/libgcrypt/index.html, 2018.Google Scholar
- LibTomCrypt. LibTomCrypt. http://www.libtom.net/LibTomCrypt/, 2019.Google Scholar
- M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg. Meltdown: Reading kernel memory from user space. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, pages 973-990, 2018.Google Scholar
- mbedTLS. mbedTLS. https://tls.mbed.org/code/releases/, 2017.Google Scholar
- R. Metta, M. Becker, P. Bokil, S. Chakraborty, and R. Venkatesh. TIC: a scalable model checking based approach to WCET estimation. In T. Kuo and D. B. Whalley, editors, Proceedings of the 17th ACM SIGPLAN/SIGBED Conference on Languages, Compilers, Tools, and Theory for Embedded Systems, LCTES 2016, Santa Barbara, CA, USA, June 13-14, 2016, pages 72-81. ACM, 2016. doi: 10.1145/2907950.2907961. URL https://doi.org/10.1145/2907950.2907961. Google Scholar
Digital Library
- A. Moshovos and G. S. Sohi. Memory dependence speculation tradeofs in centralized, continuous-window superscalar processors. In Proceedings of the Sixth International Symposium on High-Performance Computer Architecture, Toulouse, France, January 8-12, 2000, pages 301-312, 2000.Google Scholar
- S. Nilizadeh, Y. Noller, and C. S. Pasareanu. Difuzz: diferential fuzzing for side-channel analysis. In Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC, Canada, May 25-31, 2019, pages 176-187, 2019.Google Scholar
- O. Oleksenko, B. Trach, M. Silberstein, and C. Fetzer. Specfuzz: Bringing spectre-type vulnerabilities to the surface. In S. Capkun and F. Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, pages 1481-1498. USENIX Association, 2020.Google Scholar
- S. Önder and R. Gupta. Dynamic memory disambiguation in the presence of out-of-order store issuing. In Proceedings of the 32nd Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 32, Haifa, Israel, November 16-18, 1999, pages 170-176, 1999.Google Scholar
Cross Ref
- OpenSSL. OpenSSL-1. 1.1c. https://mta.openssl.org/pipermail/openssl-announce/2019-May/000153.html, 2019.Google Scholar
- Y. Oren, V. P. Kemerlis, S. Sethumadhavan, and A. D. Keromytis. The spy in the sandbox: Practical cache attacks in javascript and their implications. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, page 1406-1418, New York, NY, USA, 2015. Association for Computing Machinery. ISBN 9781450338325. doi: 10.1145/2810103.2813708. URL https://doi.org/10.1145/2810103.2813708. Google Scholar
Digital Library
- D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: The case of AES. In Topics in Cryptology-CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings, pages 1-20, 2006.Google Scholar
- V. S. Pai, P. Ranganathan, and S. V. Adve. Rsim: An execution-driven simulator for ilp-based shared-memory multiprocessors and uniprocessors. IEEE Technical Committee on Computer Architecture Newsletter, 1997.Google Scholar
- C. S. Pasareanu and N. Rungta. Symbolic pathfinder: symbolic execution of java bytecode. In ASE 2010, 25th IEEE/ACM International Conference on Automated Software Engineering, Antwerp, Belgium, September 20-24, 2010, pages 179-180, 2010.Google Scholar
Digital Library
- Q. Phan, L. Bang, C. S. Pasareanu, P. Malacaria, and T. Bultan. Synthesis of adaptive side-channel attacks. IACR Cryptology ePrint Archive, 2017 : 401, 2017.Google Scholar
- S. Poeplau and A. Francillon. Systematic comparison of symbolic execution systems: intermediate representation and its generation. In Proceedings of the 35th Annual Computer Security Applications Conference, ACSAC 2019, San Juan, PR, USA, December 09-13, 2019, pages 163-176, 2019.Google Scholar
Digital Library
- S. Poeplau and A. Francillon. Symbolic execution with symcc: Don't interpret, compile! In S. Capkun and F. Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, pages 181-198. USENIX Association, 2020.Google Scholar
- C. Rapier and B. Bennett. High speed bulk data transfer using the SSH protocol. In Proceedings of the 15th ACM Mardi Gras conference: From lightweight mash-ups to lambda grids: Understanding the spectrum of distributed computing requirements, applications, tools, infrastructures, interoperability, and the incremental adoption of key capabilities, Baton Rouge, Louisiana, USA, January 29-February 3, 2008, page 11, 2008.Google Scholar
- F. Saudel and J. Salwan. Triton: A Dynamic Binary Analysis Framework. https://triton.quarkslab.com/, 2013.Google Scholar
- E. Schnarr and J. R. Larus. Fast out-of-order processor simulation using memoization. ACM SIGPLAN Notices, 33 ( 11 ): 283-294, 1998.Google Scholar
- T. Sha, M. M. K. Martin, and A. Roth. Scalable store-load forwarding via store queue index prediction. In 38th Annual IEEE/ACM International Symposium on Microarchitecture, 12-16 November 2005, Barcelona, Spain, pages 159-170, 2005.Google Scholar
Digital Library
- J. U. Skakkebaek, R. B. Jones, and D. L. Dill. Formal verification of out-of-order execution using incremental flushing. In International Conference on Computer Aided Verification, pages 98-109. Springer, 1998.Google Scholar
Cross Ref
- J. E. Smith and A. R. Pleszkun. Implementation of precise interrupts in pipelined processors. In Proceedings of the 12th Annual Symposium on Computer Architecture, Boston, MA, USA, June 1985, pages 36-44, 1985.Google Scholar
Digital Library
- N. Stephens, J. Grosen, C. Salls, A. Dutcher, R. Wang, J. Corbetta, Y. Shoshitaishvili, C. Kruegel, and G. Vigna. Driller: Augmenting fuzzing through selective symbolic execution. In 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, February 21-24, 2016, 2016.Google Scholar
Cross Ref
- Tegra. Kernel tree for NVIDIA Tegra family SOICs on Android. https://android.googlesource.com/kernel/tegra/+/android8.1.0_r0.113/crypto, 2018.Google Scholar
- G. Wang, S. Chattopadhyay, A. K. Biswas, T. Mitra, and A. Roychoudhury. Kleespectre: Detecting information leakage through speculative cache attacks via symbolic execution. ACM Trans. Softw. Eng. Methodol., 29 ( 3 ): 14 : 1-14 : 31, 2020. doi: 10.1145/3385897. URL https://doi.org/10.1145/3385897. Google Scholar
Digital Library
- S. Wang, P. Wang, X. Liu, D. Zhang, and D. Wu. Cached: Identifying cache-based timing channels in production software. In E. Kirda and T. Ristenpart, editors, 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017, pages 235-252. USENIX Association, 2017.Google Scholar
- S. Wang, Y. Bao, X. Liu, P. Wang, D. Zhang, and D. Wu. Identifying cache-based side channels through secret-augmented abstract interpretation. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, pages 657-674, 2019.Google Scholar
- O. Weisse, J. Van Bulck, M. Minkin, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, R. Strackx, T. F. Wenisch, and Y. Yarom. Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution. Technical report, 2018.Google Scholar
- J. Wichelmann, A. Moghimi, T. Eisenbarth, and B. Sunar. Microwalk: A framework for finding side channels in binaries. In Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC 2018, San Juan, PR, USA, December 03-07, 2018, pages 161-173, 2018.Google Scholar
Digital Library
- R. Wilhelm, S. Altmeyer, C. Burguière, D. Grund, J. Herter, J. Reineke, B. Wachter, and S. Wilhelm. Static timing analysis for hard real-time systems. In International Workshop on Verification, Model Checking, and Abstract Interpretation, pages 3-22, 2010.Google Scholar
Digital Library
- M. Wu and C. Wang. Abstract interpretation under speculative execution. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 57-69, 2019.Google Scholar
Digital Library
- Y. Xiao, M. Li, S. Chen, and Y. Zhang. Stacco: Diferentially analyzing side-channel traces for detecting ssl/tls vulnerabilities in secure enclaves. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17, page 859-874, New York, NY, USA, 2017. Association for Computing Machinery. ISBN 9781450349468. doi: 10.1145/3133956.3134016. URL https://doi.org/10.1145/3133956.3134016. Google Scholar
Digital Library
- Y. Yang, X. Chen, G. Gopalakrishnan, and R. M. Kirby. Eficient stateful dynamic partial order reduction. In Model Checking Software, 15th International SPIN Workshop, Los Angeles, CA, USA, August 10-12, 2008, Proceedings, pages 288-305, 2008.Google Scholar
- Y. Yang, X. Chen, G. Gopalakrishnan, and R. M. Kirby. Distributed dynamic partial order reduction. STTT, 12 ( 2 ): 113-122, 2010.Google Scholar
- Y. Yarom and K. Falkner. FLUSH+ RELOAD: A high resolution, low noise, L3 cache side-channel attack. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., pages 719-732, 2014.Google Scholar
- J. Yu, L. Hsiung, M. E. Hajj, and C. W. Fletcher. Data oblivious ISA extensions for side channel-resistant and high performance computing. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019, 2019.Google Scholar
Cross Ref
- Y. Zhang, A. Juels, A. Oprea, and M. K. Reiter. Homealone: Co-residency detection in the cloud via side-channel analysis. In 2011 IEEE symposium on security and privacy, pages 313-328. IEEE, 2011.Google Scholar
Digital Library
Index Terms
Exposing cache timing side-channel leaks through out-of-order symbolic execution
Recommendations
Implementing a 1GHz four-issue out-of-order execution microprocessor in a standard cell ASIC methodology
This paper introduces the microarchitecture and physical implementation of the Godson-2E processor, which is a four-issue superscalar RISC processor that supports the 64-bit MIPS instruction set. The adoption of the aggressive out-of-order execution and ...
Symbolic Predictive Cache Analysis for Out-of-Order Execution
Fundamental Approaches to Software EngineeringAbstractWe propose a trace-based symbolic method for analyzing cache side channels of a program under a CPU-level optimization called out-of-order execution (OOE). The method is predictive in that it takes the in-order execution trace as input and then ...
Reducing the performance impact of instruction cache misses by writing instructions into the reservation stations out-of-order
MICRO 30: Proceedings of the 30th annual ACM/IEEE international symposium on MicroarchitectureIn conventional processors, each instruction cache fetch brings in a group of instructions. Upon encountering an instruction cache miss, the processor will wait until the instruction cache miss is serviced before continuing to fetch any new ...






Comments