Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering 2020
DOI: 10.1145/3377811.3380432
JVM fuzzing for JIT-induced side-channel detection

Cited by 24 publications (6 citation statements)
References 31 publications

Citation statements:
“…Side Channels from Compiler Optimization. Brennan et al. [6] show potential timing leaks induced from JIT optimizations via actual runtime observations, which is different than our analysis based on vulnerabilities in the source code. We opted to count the bytecode, instead of actual execution times, since the metric is substantially used in the related work for a fair comparison and is often sufficient for our analysis of side channels in code.…”
Section: Related Work (contrasting)
Confidence: 92%
“…For example, if a secret is the variable a in the statement 'if (a > 0) {...} else {...}', one can observe the execution time of the then-branch and else-branch to tell whether the value of a is larger than zero. A special kind of side channel is called JIT-induced side channels, which is caused by Just-In-Time (JIT) optimization [25]. Similar to the aforementioned Spectre-type bugs, one can repeatedly run programs to train the JIT compiler to optimize the execution time of either the then-branch or the else-branch.…”
Section: Algorithmic Complexity (mentioning)
Confidence: 99%
“…Test Generation. Fuzz testing generates new inputs by mutating previous inputs to expose unseen program behavior, and it has been highly effective in revealing various bugs, including correctness bugs [10,44,45,64,65], security vulnerabilities [11,18], and performance bugs [58]. One important angle to push test generation towards hard-to-reach corners or specific error types is to encode diverse feedback information as a fuzzing guidance metric.…”
Section: Limitations (mentioning)
Confidence: 99%