Abstract
Noninterference measurement quantifies the secret information that might leak to an adversary from what the adversary can observe and influence about the computation. Static and high-fidelity noninterference measurement has been difficult to scale to complex computations, however. This paper scales a recent framework for noninterference measurement to the open-source RISC-V BOOM core as specified in Verilog, through three key innovations: logically characterizing the core’s execution incrementally, applying specific optimizations between each cycle; permitting information to be declassified, to focus leakage measurement to only secret information that cannot be inferred from the declassified information; and interpreting leakage measurements for the analyst in terms of simple rules that characterize when leakage occurs. Case studies on cache-based side channels generally, and on specific instances including Spectre attacks, show that the resulting toolchain, called DINoMe, effectively scales to this modern processor design.
Supplemental Material
- 2018. Intel Analysis of Speculative Execution Side Channels. Intel Corp.. https://www.intel.com/content/www/us/en/architecture-and-technology/intel-analysis-of-speculative-execution-side-channels-paper.htmlGoogle Scholar
- O. Aciiçmez. 2007. Yet another microarchitectural attack: Exploiting I-cache. In ACM Workshop on Computer Security Architecture. 11–18. https://doi.org/10.1145/1314466.1314469 Google Scholar
Digital Library
- J. B. Almeida, M. Barbosa, G. Barthe, F. Dupressoir, and M. Emmi. 2016. Verifying constant-time implementations. In 25superscript th USENIX Security Symposium. 53–70. Google Scholar
Digital Library
- R. A. Aziz, G. Chu, C. Muise, and P. Stuckey. 2015. #∃ SAT: Projected Model Counting. In 18superscript th International Conference on Theory and Applications of Satisfiability Testing (LNCS). 121–137. https://doi.org/10.1007/978-3-319-24318-4_10 Google Scholar
Cross Ref
- M. Backes, B. Kopf, and A. Rybalchenko. 2009. Automatic discovery and quantification of information leaks. In 30superscript th IEEE Symposium on Security and Privacy. 141–153. https://doi.org/10.1109/SP.2009.18 Google Scholar
Digital Library
- T. Ball, B. Cook, V. Levin, and S. K. Rajamani. 2004. SLAM and Static Driver Verifier: Technology transfer of formal methods inside Microsoft. In 4superscript th International Conference on Integrated Formal Methods (LNCS, Vol. 2999). 1–20. https://doi.org/10.1007/978-3-540-24756-2_1 Google Scholar
Cross Ref
- A. Banerjee, D. A. Naumann, and S. Rosenberg. 2008. Expressive declassification policies and modular static enforcement. In 29superscript th IEEE Symposium on Security and Privacy. 339–353. https://doi.org/10.1109/SP.2008.20 Google Scholar
Digital Library
- G. Barthe, G. Betarte, J. Campo, C. Luna, and D. Pichardie. 2014. System-level non-interference for constant-time cryptography. In 21superscript st ACM Conference on Computer and Communications Security. 1267–1279. https://doi.org/10.1145/2660267.2660283 Google Scholar
Digital Library
- D. J. Bernstein, J. Breitner, D. Genkin, L. G. Bruinderink, N. Heninger, T. Lange, C. V. Vredendaal, and T. Yarom. 2017. Sliding right into disaster: Left-to-right sliding windows leak. In 19superscript th International Conference on Cryptographic Hardware and Embedded Systems (LNCS, Vol. 10529). 555–576. https://doi.org/10.1007/978-3-319-66787-4_27 Google Scholar
Cross Ref
- S. Blazy, D. Pichardie, and A. Trieu. 2019. Verifying constant-time implementations by abstract interpretation. Journal of Computer Security, 27, 1 (2019), 137–163. https://doi.org/10.1007/978-3-319-66402-6_16 Google Scholar
Cross Ref
- C. Celio, P. Chiu, B. Nikolic, D. A. Patterson, and K. Asanovic. 2017. BOOMv2: an open-source out-of-order RISC-V core. In 1superscript st Workshop on Computer Architecture Research with RISC-V (CARRV).Google Scholar
- S. Chakraborty, K. S. Meel, and M. Y. Vardi. 2013. A scalable approximate model counter. In Principles and Practice of Constraint Programming (LNCS, Vol. 8124). 200–216. https://doi.org/10.1007/978-3-642-40627-0_18 Google Scholar
Cross Ref
- P. Chapman and D. Evans. 2011. Automated black-box detection of side-channel vulnerabilities in web applications. In 18superscript th ACM Conference on Computer and Communications Security. 263–274. https://doi.org/10.1145/2046707.2046737 Google Scholar
Digital Library
- S. Chattopadhyay, M. Beck, A. Rezine, and A. Zeller. 2017. Quantifying the Information Leak in Cache Attacks via Symbolic Execution. In 15superscript th ACM International Conference on Formal Methods and Models for System Design. New York, NY, USA. 25–35. isbn:978-1-4503-5093-8 https://doi.org/10.1145/3288758 Google Scholar
Digital Library
- S. Chattopadhyay and A. Roychoudhury. 2018. Symbolic verification of cache side-channel freedom. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 37, 11 (2018), 2812–2823. https://doi.org/10.1109/TCAD.2018.2858402 Google Scholar
Cross Ref
- C. Chen, K. Lin, C. Rudin, Y. Shaposhnik, S. Wang, and T. Wang. 2018. An Interpretable Model with Globally Consistent Explanations for Credit Risk. arxiv:cs.LG/1811.12615.Google Scholar
- T. Chen and C. Guestrin. 2016. Xgboost: A scalable tree boosting system. In 22superscript rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 785–794. https://doi.org/10.1145/2939672.2939785 Google Scholar
Digital Library
- S. Chong and A. C. Myers. 2004. Security policies for downgrading. In 11superscript th ACM conference on Computer and communications security. 198–209. https://doi.org/10.1145/1030083.1030110 Google Scholar
Digital Library
- W. W. Cohen and Y. Singer. 1999. A simple, fast, and effective rule learner. 16superscript th AAAI Conference on Artificial Intelligence, 99 (1999), 335–342. https://doi.org/10.5555/315149.315320 Google Scholar
Digital Library
- G. Doychev, B. Köpf, L. Mauborgne, and J. Reineke. 2013. CacheAudit: A tool for the static analysis of cache side channels. In 22superscript nd USENIX Security Symposium. 431–446. Google Scholar
Digital Library
- B. Dutertre. 2015. Solving exists/forall problems with yices. In Workshop on satisfiability modulo theories.Google Scholar
- C. Dwork, F. McSherry, K. Nissim, and A. Smith. 2006. Calibrating Noise to Sensitivity in Private Data Analysis. In 3superscript rd Theory of Cryptography Conference (LNCS, Vol. 3876). 265–284. https://doi.org/10.1007/11681878_14 Google Scholar
Digital Library
- J. Fan. 1993. Local linear regression smoothers and their minimax efficiencies. The Annals of Statistics, 196–216. https://doi.org/10.1214/aos/1176349022 Google Scholar
Cross Ref
- R. Fan, K. Chang, C. Hsieh, X. Wang, and C. Lin. 2008. LIBLINEAR: A library for large linear classification. Journal of Machine Learning Research, 9, Aug (2008), 1871–1874. https://doi.org/10.5555/1390681.1442794 Google Scholar
Digital Library
- A. Ferraiuolo, R. Xu, D. Zhang, A. C. Myers, and G.E. Suh. 2017. Verification of a practical hardware security architecture through static information flow analysis. In 22superscript nd International Conference on Architectural Support for Programming Languages and Operating Systems. 555–568. https://doi.org/10.1145/3093337.3037739 Google Scholar
Digital Library
- M. Fokkema. 2020. Fitting Prediction Rule Ensembles with R Package pre. Journal of Statistical Software, 92, 12 (2020), 1–30. issn:1548-7660 https://doi.org/10.18637/jss.v092.i12 Google Scholar
Cross Ref
- J. H. Friedman. 2001. Greedy function approximation: a gradient boosting machine. Annals of Statistics, 1189–1232.Google Scholar
Cross Ref
- J. H. Friedman and B. E. Popescu. 2008. Predictive learning via rule ensembles. The Annals of Applied Statistics, 2, 3 (2008), 916–954. https://doi.org/10.1214/07-AOAS148 Google Scholar
Cross Ref
- R. Giacobazzi and I. Mastroeni. 2004. Abstract non-interference: Parameterizing non-interference by abstract interpretation. ACM SIGPLAN Notices, 39, 1 (2004), 186–197. https://doi.org/10.1145/982962.964017 Google Scholar
Digital Library
- R. Giacobazzi and I. Mastroeni. 2018. Abstract non-interference: a unifying framework for weakening information-flow. ACM Transactions on Privacy and Security (TOPS), 21, 2 (2018), 1–31. https://doi.org/10.1145/3175660 Google Scholar
Digital Library
- K. V. Gleissenthall, R. G. Kıcı, D. Stefan, and R. Jhala. 2019. IODINE: Verifying Constant-Time Execution of Hardware. In 28superscript th USENIX Security Symposium. 1411–1428. isbn:978-1-939133-06-9 Google Scholar
Digital Library
- P. Godefroid, M. Y. Levin, and D. Molnar. 2012. SAGE: Whitebox Fuzzing for Security Testing. Queue, 10, 1 (2012), 20–27. issn:1542-7730 https://doi.org/10.1145/2090147.2094081 Google Scholar
Digital Library
- J. A. Goguen and J. Meseguer. 1982. Security policies and security models. In 3superscript rd IEEE Symposium on Security and Privacy. 11–20. https://doi.org/10.1109/SP.1982.10014 Google Scholar
Cross Ref
- J. W. Gray. 1991. Toward a mathematical foundation for information flow security. In 12superscript nd IEEE Symposium on Security and Privacy. 21–34. https://doi.org/10.1109/RISP.1991.130769 Google Scholar
Cross Ref
- X. Guo, R. G. Dutta, J. He, M. M. Tehranipoor, and Y. Jin. 2019. QIF-Verilog: Quantitative Information-Flow based Hardware Description Languages for Pre-Silicon Security Assessment. In IEEE International Symposium on Hardware Oriented Security and Trust. 91–100. https://doi.org/10.1109/HST.2019.8740840 Google Scholar
Cross Ref
- J. Kelsey. 2002. Compression and information leakage of plaintext. In 9superscript th International Workshop on Fast Software Encryption. 263–276. https://doi.org/10.1007/3-540-45661-9_21 Google Scholar
Digital Library
- P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, and T. Prescher. 2019. Spectre attacks: Exploiting speculative execution. In 40superscript th IEEE Symposium on Security and Privacy. 1–19. https://doi.org/10.1109/SP.2019.00002 Google Scholar
Cross Ref
- M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, S. Genkin, Y. Yarom, and M. Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27superscript th USENIX Security Symposium. 973–990. Google Scholar
Digital Library
- P. Malacaria, MHR. Khouzani, C. S. Pasareanu, Q. Phan, and K. Luckow. 2018. Symbolic Side-Channel Analysis for Probabilistic Programs. In 31superscript st IEEE Computer Security Foundations Symposium. 313–327. https://doi.org/10.1109/CSF.2018.00030 Google Scholar
Cross Ref
- M. McCall, H. Zhang, and L. Jia. 2018. Knowledge-Based Security of Dynamic Secrets for Reactive Programs. In 31superscript st IEEE Computer Security Foundations Symposium. 175–188. https://doi.org/10.1109/CSF.2018.00020 Google Scholar
Cross Ref
- C. Molnar. 2019. Interpretable Machine Learning. https://christophm.github.io/interpretable-ml-book/Google Scholar
- S. Nilizadeh, Y. Noller, and C. S. Păsăreanu. 2019. DifFuzz: Differential Fuzzing for Side-Channel Analysis. In 41superscript st International Conference on Software Engineering. 176–187. https://doi.org/10.1109/ICSE.2019.00034 Google Scholar
Digital Library
- O. Oleksii, T. Bohdan, S. Mark, and F. Christof. 2020. SpecFuzz: Bringing Spectre-type vulnerabilities to the surface. In 29superscript th USENIX Security Symposium. Google Scholar
Digital Library
- D. A. Osvik, A. Shamir, and E. Tromer. 2006. Cache attacks and countermeasures: The case of AES. In Topics in Cryptology – CT-RSA (LNCS, Vol. 3860). 1–20. https://doi.org/10.1007/11605805_1 Google Scholar
Digital Library
- C. Percival. 2005. Cache missing for fun and profit. In BSDCan 2005. https://doi.org/10.1.1.187.8383Google Scholar
- Q. Phan and P. Malacaria. 2014. Abstract model counting: A novel approach for quantification of information leaks. In 9superscript th ACM Symposium on Information, Computer and Communications Security. 283–292. https://doi.org/10.1145/2590296.2590328 Google Scholar
Digital Library
- A. Pnueli, Y. Rodeh, O. Strichman, and M. Siegel. 2002. The small model property: How small can it be? Information and Computation, 178, 1 (2002), 279–293. https://doi.org/10.1016/S0890-5401(02)93175-5 Google Scholar
Digital Library
- M. T. Ribeiro, S. Singh, and C. Guestrin. 2016. “Why should I trust you?”: Explaining the predictions of any classifier. In 22superscript nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. 1135–1144. https://doi.org/10.1145/2939672.2939778 Google Scholar
Digital Library
- M. T. Ribeiro, S. Singh, and C. Guestrin. 2018. Anchors: High-precision model-agnostic explanations. In 32superscript rd AAAI Conference on Artificial Intelligence. 1527–1535. https://ojs.aaai.org/index.php/AAAI/article/view/11491Google Scholar
- A. Sabelfeld and A. C. Myers. 2003. A model for delimited information release. In 2superscript nd International Symposium on Software Security – Theories and Systems (LNCS, Vol. 3233). 174–191. https://doi.org/10.1007/978-3-540-37621-7_9 Google Scholar
Cross Ref
- A. Sabelfeld and D. Sands. 2009. Declassification: Dimensions and Principles. Journal of Computer Security, 517–548. https://doi.org/10.5555/1662658.1662659 Google Scholar
Digital Library
- S. Sahai, P. Subramanyan, and R. Sinha. 2020. Verification of Quantitative Hyperproperties Using Trace Enumeration Relations. In 32superscript nd International Conference on Computer Aided Verification (LNCS, Vol. 12224). 201–224. https://doi.org/10.1007/978-3-030-53288-8_11 Google Scholar
Cross Ref
- T. Seidenfeld. 1986. Entropy and uncertainty. Philosophy of Science, 53, 4 (1986), 467–491. https://doi.org/10.1086/289336 Google Scholar
Cross Ref
- G. Smith. 2009. On the Foundations of Quantitative Information Flow. In 12superscript th International Conference on Foundations of Software Science and Computational Structures (LNCS, Vol. 5504). 288–302. https://doi.org/10.1007/978-3-642-00596-1_21 Google Scholar
Cross Ref
- G. Smith. 2011. Quantifying Information Flow Using Min-Entropy. In 8superscript th International Conference on Quantitative Evaluation of Systems. 159–167. https://doi.org/10.1109/QEST.2011.31 Google Scholar
Digital Library
- Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 2001. Timing Analysis of Keystrokes and Timing Attacks on SSH. In 10superscript th USENIX Security Symposium. Google Scholar
Digital Library
- M. Soos and K. S. Meel. 2019. BIRD: Engineering an Efficient CNF-XOR SAT Solver and its Applications to Approximate Model Counting. In 36superscript th AAAI Conference on Artificial Intelligence. 1592–1599. https://doi.org/10.1007/978-3-030-80223-3_37 Google Scholar
Cross Ref
- Qinhan Tan, Zhihua Zeng, Kai Bu, and Kui Ren. 2020. PhantomCache: Obfuscating Cache Conflicts with Localized Randomization. In 27superscript th Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2020.24086 Google Scholar
Cross Ref
- T. Wang, T. Wei, Lin Z, and W. Zou. 2009. IntScope: Automatically Detecting Integer Overflow Vulnerability in x86 Binary Using Symbolic Execution. In 16superscript th Network and Distributed System Security Symposium. https://doi.org/10.1007/978-3-642-15497-3_5 Google Scholar
Cross Ref
- Z. Wang and R. B. Lee. 2007. New cache designs for thwarting software cache-based side channel attacks. In 34superscript th International Symposium on Computer Architecture. 494–505. https://doi.org/10.1145/1273440.1250723 Google Scholar
Digital Library
- M. Werner, T. Unterluggauer, L. Giner, M. Schwarz, D. Gruss, and S. Mangard. 2019. ScatterCache: Thwarting Cache Attacks via Cache Set Randomization. In 28superscript th USENIX Security Symposium. Santa Clara, CA. 675–692. isbn:978-1-939133-06-9 Google Scholar
Digital Library
- C. Wolf. [n.d.]. Yosys Open SYnthesis Suite. http://www.clifford.at/yosys/Google Scholar
- Y. Xiao, Y. Zhang, and R. Teodorescu. 2020. SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities. In 27superscript th Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2020.23105 Google Scholar
Cross Ref
- Y. Yarom and K. E. Falkner. 2014. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In 23superscript rd USENIX Security Symposium. 719–732. Google Scholar
Digital Library
- H. Yasuoka and T. Terauchi. 2014. Quantitative information flow as safety and liveness hyperproperties. Theoretical Computer Science, 538 (2014), 167–182. https://doi.org/10.4204/EPTCS.85.6 Google Scholar
Cross Ref
- D. Zhang, Y. Wang, G. E. Suh, and A. C. Myers. 2015. A Hardware Design Language for Timing-Sensitive Information-Flow Security. In 20superscript th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, New York, NY, USA. 503––516. https://doi.org/10.1145/2694344.2694372 Google Scholar
Digital Library
- K. Zhang, Z. Li, R. Wang, X. Wang, and S. Chen. 2010. Sidebuster: Automated detection and quantification of side-channel leaks in web application development. In 17superscript th ACM Conference on Computer and Communications Security. 595–606. https://doi.org/10.1145/1866307.1866374 Google Scholar
Digital Library
- R. Zhang, C. Deutschbein, P. Huang, and C. Sturton. 2018. End-to-End Automated Exploit Generation for Validating the Security of Processor Designs. In 51superscript st IEEE/ACM International Symposium on Microarchitecture. 815––827. https://doi.org/10.1109/MICRO.2018.00071 Google Scholar
Digital Library
- Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. 2012. Cross-VM side channels and their use to extract private keys. In 19superscript th ACM Conference on Computer and Communications Security. 305–316. https://doi.org/10.1145/2382196.2382230 Google Scholar
Digital Library
- Z. Zhou. 2020. Evaluating Information Leakage by Quantitative and Interpretable Measurements. Ph.D. Dissertation. The University of North Carolina at Chapel Hill.Google Scholar
- Z. Zhou, Z.Y Qian, M. K. Reiter, and Y. Zhang. 2018. Static Evaluation of Noninterference using Approximate Model Counting. In 39superscript th IEEE Symposium on Security and Privacy. 514–528. https://doi.org/10.1109/SP.2018.00052 Google Scholar
Cross Ref
- Z. Zhou, M. K. Reiter, and Y. Zhang. 2016. A Software Approach to Defeating Side Channels in Last-Level Caches. In 23superscript rd ACM Conference on Computer and Communications Security. 871–882. https://doi.org/10.1145/2976749.2978324 Google Scholar
Digital Library
Index Terms
Interpretable noninterference measurement and its application to processor designs
Recommendations
Security policies for downgrading
CCS '04: Proceedings of the 11th ACM conference on Computer and communications securityA long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security ...
Enforcing robust declassification and qualified robustness
Special issue on CSFW17Noninterference requires that there is no information flow from sensitive to public data in a given system. However, many systems release sensitive information as part of their intended function and therefore violate noninterference. To control ...
Required Information Release
CSF '10: Proceedings of the 2010 23rd IEEE Computer Security Foundations SymposiumMany computer systems have a functional requirement to release information. Such requirements are an important part of a system’s information security requirements. Current information-flow control techniques are able to reason about permitted ...






Comments