2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE) 2019

DOI: 10.1109/icse.2019.00034

|View full text |Cite

|

Sign up to set email alerts

|

DifFuzz: Differential Fuzzing for Side-Channel Analysis

Shirin Nilizadeh

¹

,

²

,

Corina S. Păsăreanu

³

Abstract: Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult to reason about as they involve analyzing the correlations between resource usage over multiple program paths. We present DIFFUZZ, a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space. DIFFUZZ automatically detects these vulnerabilitie… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Related Work5

Citation Types

Supporting

0

Mentioning

69

Contrasting

0

Year Published

2019

2019

2023

2023

Publication Types

Select...

Book5

Relationship

Self Cite1

Independent4

Authors

Journals

Cited by 77 publications

(74 citation statements)

References 33 publications

(60 reference statements)

Supporting

0

Mentioning

69

Contrasting

0

Order By: Relevance

“…The works [23,50] Dynamic Analysis for Side-Channel Detections. Dynamic analysis has been used for side-channel detections [38,41,42]. Diffuzz [41] is a fuzzing techniques for finding side channels.…”

Section: Related Workmentioning

confidence: 99%

“…Dynamic analysis has been used for side-channel detections [38,41,42]. Diffuzz [41] is a fuzzing techniques for finding side channels. The approach extends AFL [1] and KELINCI [28] fuzzers to detect side channels.…”

Section: Related Workmentioning

confidence: 99%

“…The goal of Diffuzz is to maximize the following objective: δ = |c(p, s 1 ) − c(p, s 2 )|, that is, to find two distinct secret values s 1 , s 2 and a public value p that give the maximum cost (c) difference. The work [41] uses the noninterference notion of side channel leaks. Therefore, they do not quantify the amounts of information leaks.…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, they do not quantify the amounts of information leaks. The cost function in [41] is the number of byte-code executed, whereas we consider the actual execution time in a fixed environment. Note that our approach can be used with the abstract cost model such as the byte-code executed in a straight-forward fashion.…”

Section: Related Workmentioning

confidence: 99%

“…Note that our approach can be used with the abstract cost model such as the byte-code executed in a straight-forward fashion. Diffuzz [41] can be combined with our technique to generate inputs and quantify leaks.…”

Section: Related Workmentioning

confidence: 99%

See 4 more Smart Citations

Efficient Detection and Quantification of Timing Leaks with Neural Networks

¹

,

²

,

Sankaranarayanan

³

et al. 2019

Runtime Verification

View full text Add to dashboard Cite

Detection and quantification of information leaks through timing side channels are important to guarantee confidentiality. Although static analysis remains the prevalent approach for detecting timing side channels, it is computationally challenging for real-world applications. In addition, the detection techniques are usually restricted to "yes" or "no" answers. In practice, real-world applications may need to leak information about the secret. Therefore, quantification techniques are necessary to evaluate the resulting threats of information leaks. Since both problems are very difficult or impossible for static analysis techniques, we propose a dynamic analysis method. Our novel approach is to split the problem into two tasks. First, we learn a timing model of the program as a neural network. Second, we analyze the neural network to quantify information leaks. As demonstrated in our experiments, both of these tasks are feasible in practice -making the approach a significant improvement over the state-of-the-art side channel detectors and quantifiers. Our key technical contributions are (a) a neural network architecture that enables side channel discovery and (b) an MILP-based algorithm to estimate the side-channel strength. On a set of micro-benchmarks and real-world applications, we show that neural network models learn timing behaviors of programs with thousands of methods. We also show that neural networks with thousands of neurons can be efficiently analyzed to detect and quantify information leaks through timing side channels.

“…The works [23,50] Dynamic Analysis for Side-Channel Detections. Dynamic analysis has been used for side-channel detections [38,41,42]. Diffuzz [41] is a fuzzing techniques for finding side channels.…”

Section: Related Workmentioning

confidence: 99%

“…Dynamic analysis has been used for side-channel detections [38,41,42]. Diffuzz [41] is a fuzzing techniques for finding side channels. The approach extends AFL [1] and KELINCI [28] fuzzers to detect side channels.…”

Section: Related Workmentioning

confidence: 99%

“…The goal of Diffuzz is to maximize the following objective: δ = |c(p, s 1 ) − c(p, s 2 )|, that is, to find two distinct secret values s 1 , s 2 and a public value p that give the maximum cost (c) difference. The work [41] uses the noninterference notion of side channel leaks. Therefore, they do not quantify the amounts of information leaks.…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, they do not quantify the amounts of information leaks. The cost function in [41] is the number of byte-code executed, whereas we consider the actual execution time in a fixed environment. Note that our approach can be used with the abstract cost model such as the byte-code executed in a straight-forward fashion.…”

Section: Related Workmentioning

confidence: 99%

“…Note that our approach can be used with the abstract cost model such as the byte-code executed in a straight-forward fashion. Diffuzz [41] can be combined with our technique to generate inputs and quantify leaks.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

Efficient Detection and Quantification of Timing Leaks with Neural Networks

¹

,

²

,

Sankaranarayanan

³

et al. 2019

Runtime Verification

View full text Add to dashboard Cite

Detection and quantification of information leaks through timing side channels are important to guarantee confidentiality. Although static analysis remains the prevalent approach for detecting timing side channels, it is computationally challenging for real-world applications. In addition, the detection techniques are usually restricted to "yes" or "no" answers. In practice, real-world applications may need to leak information about the secret. Therefore, quantification techniques are necessary to evaluate the resulting threats of information leaks. Since both problems are very difficult or impossible for static analysis techniques, we propose a dynamic analysis method. Our novel approach is to split the problem into two tasks. First, we learn a timing model of the program as a neural network. Second, we analyze the neural network to quantify information leaks. As demonstrated in our experiments, both of these tasks are feasible in practice -making the approach a significant improvement over the state-of-the-art side channel detectors and quantifiers. Our key technical contributions are (a) a neural network architecture that enables side channel discovery and (b) an MILP-based algorithm to estimate the side-channel strength. On a set of micro-benchmarks and real-world applications, we show that neural network models learn timing behaviors of programs with thousands of methods. We also show that neural networks with thousands of neurons can be efficiently analyzed to detect and quantify information leaks through timing side channels.

Evolutionary Grammar-Based Fuzzing

¹

,

²

,

³

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

No abstract

Using a Guided Fuzzer and Preconditions to Achieve Branch Coverage with Valid Inputs

¹

,

²

,

³

2021

Tests and Proofs

View full text Add to dashboard Cite

No abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Product

Browser Extension Assistant by scite Citation Statement Search Reference Check Visualizations Dashboards Explore Journals Explore Organizations Explore Funders Embedding Badge Embedding Citation Search Pricing

Resources

Blog Help & FAQ Accessibility Statement API Terms For Universities & Governments For Researchers For Publishers For Corporate, Pharma & Enterprise Author Marketing Become an Affiliate Get an organization trial or quote scite Data & Services

About

News & Press Careers Read our Paper Coverage

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.