Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation 2017
DOI: 10.1145/3062341.3062378
|View full text |Cite
|
Sign up to set email alerts
|

Decomposition instead of self-composition for proving the absence of timing channels

Abstract: We present a novel approach to proving the absence of timing channels. The idea is to partition the program's execution traces in such a way that each partition component is checked for timing attack resilience by a time complexity analysis and that per-component resilience implies the resilience of the whole program. We construct a partition by splitting the program traces at secret-independent branches. This ensures that any pair of traces with the same public input has a component containing both traces. Cr… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
27
0

Year Published

2018
2018
2020
2020

Publication Types

Select...
5
2
1

Relationship

1
7

Authors

Journals

citations
Cited by 65 publications
(28 citation statements)
references
References 44 publications
0
27
0
Order By: Relevance
“…Beyond power side channels, there are techniques for analyzing other types of side channels using logical reasoning [5,26,68], abstract interpretation [12,32], symbolic execution [7,21,48,59,60] and dynamic analysis [70]. As for mitigation, there are techniques that insert masking and other countermeasures either through compilers [1,13,56,73] or through program synthesis tools [19,34].…”
Section: Related Workmentioning
confidence: 99%
“…Beyond power side channels, there are techniques for analyzing other types of side channels using logical reasoning [5,26,68], abstract interpretation [12,32], symbolic execution [7,21,48,59,60] and dynamic analysis [70]. As for mitigation, there are techniques that insert masking and other countermeasures either through compilers [1,13,56,73] or through program synthesis tools [19,34].…”
Section: Related Workmentioning
confidence: 99%
“…As a specific example of the simplified framework, we explore noninterference, a popular relational property for information flow control systems [Antonopoulos et al 2017;Banerjee et al 2016;Clarkson and Schneider 2010;Nanevski et al 2013;Sabelfeld and Myers 2003].…”
Section: Example: Noninterferencementioning
confidence: 99%
“…Sousa and Dillig's [2016] Descartes tool for k-safety properties also creates k copies of the program, but uses lockstep reasoning to improve performance by more tightly coupling the key invariants across the program copies. Recently Antonopoulos et al [2017] propose a tool that obtains better scalability by using a new decomposition of programs instead of using self-composition for k-safety problems.…”
Section: Related Workmentioning
confidence: 99%
“…int arrayInsert(int[] A, int len, int h) { int i=0; 1: while (i < len && A[i] < h) i++; 2: len = shift_array(A, i, 1); A[i] = h; 3: while (i < len) i++; 4: return i; } predicates: i1 = i2, i1 < len1, i2 < len2, A1[i1] < h1, A2[i2] < h2, len1 = len2, len1 = len2 + 1, len2 = len1 + 1 composition: if(pc1 < 3 && (pc2 > 0 || !cond1) && (pc2 == 3||(pc2 == 0 && cond2))) step (1); else if (pc2 < 3 && (pc1 > 0 || !cond2) && (pc1 == 3 || (pc1 == 0 && cond1))) step(2); else step (1,2); In contrast, when verifying the 2-safety property, PDSC directs its search towards a composition function for which an inductive invariant in L does exist. As such, it infers the composition function depicted in Figure 1, as well as an inductive invariant in L. The invariant for this composition implies that i 1 = i 2 at every state.…”
Section: Introductionmentioning
confidence: 99%