SideTrail: Verifying Time-Balancing of Cryptosystems

Athanasiou, Konstantinos; Cook, Byron; Emmi, Michael; MacCárthaigh, Colm; Schwartz-Narbonne, Daniel; Tasiran, Serdar

doi:10.1007/978-3-030-03592-1_12

Cited by 12 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The work that is closest to ours is [6], where the authors use another relaxation of the CCT policy called time balancing and defined as negligibly influenced by secrets. To ensure that a program respects this policy, a global timing counter is added to measure the timing differences between branchings.…”

Section: A Timing Non-interferencementioning

confidence: 99%

Secure Compilation of Constant-Resource Programs

Barthe

Blazy

Hutin

et al. 2021

2021 IEEE 34th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Observational non-interference (ONI) is a generic information-flow policy for side-channel leakage. Informally, a program is ONI-secure if observing program leakage during execution does not reveal any information about secrets. Formally, ONI is parametrized by a leakage function , and different instances of ONI can be recovered through different instantiations of . One popular instance of ONI is the cryptographic constant-time (CCT) policy, which is widely used in cryptographic libraries to protect against timing and cache attacks. Informally, a program is CCT-secure if it does not branch on secrets and does not perform secret-dependent memory accesses. Another instance of ONI is the constant-resource (CR) policy, a relaxation of the CCT policy which is used in Amazon's s2n implementation of TLS and in several other security applications. Informally, a program is CR-secure if its cost (modelled by a tick operator over an arbitrary semi-group) does not depend on secrets.In this paper, we consider the problem of preserving ONI by compilation. Prior work on the preservation of the CCT policy develops proof techniques for showing that main compiler optimisations preserve the CCT policy. However, these proof techniques critically rely on the fact that the semi-group used for modelling leakage satisfies the property:

show abstract

Section: A Timing Non-interferencementioning

confidence: 99%

Secure Compilation of Constant-Resource Programs

Barthe

Blazy

Hutin

et al. 2021

2021 IEEE 34th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…Almeida et al [2] developed a self-composition based methodology for proving constant-time of C programs using Frama-C [14]. The recently developed ct-verif [1] and SideTrail [4] tools apply selective self-composition to verify constant-time and time-balancing, respectively, in C-language cryptographic primitives using the veri er [27]. Yang et al [46] propose lazy self-composition to apply precise reasoning only as a fallback to coarser techniques like taint analysis.…”

Section: Symbolic Analysesmentioning

confidence: 99%

ct-fuzz: Fuzzing for Timing Leaks

Emmi

Ciocarlie

2020

2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)

Self Cite

View full text Add to dashboard Cite

Testing-based methodologies like fuzzing are able to analyze complex software which is not amenable to traditional formal approaches like veri cation, model checking, and abstract interpretation. Despite enormous success at exposing countless security vulnerabilities in many popular software projects, applications of testing-based approaches have mainly targeted checking traditional safety properties like memory safety. While unquestionably important, this class of properties does not precisely characterize other important security aspects such as information leakage, e.g., through side channels.In this work we extend testing-based software analysis methodologies to twosafety properties, which enables the precise discovery of information leaks in complex software. In particular, we present the ct-fuzz tool, which lends coverageguided greybox fuzzers the ability to detect two-safety property violations. Our approach is capable of exposing violations to any two-safety property expressed as equality between two program traces. Empirically, we demonstrate that ct-fuzz swiftly reveals timing leaks in popular cryptographic implementations.

show abstract

“…The focus of our work is the foundational security of software running in AWS data centers, SDKs, and devices. The breadth of our work includes boot code, 29 network communication protocols, 30 real‐time operating system code, 31,32 an SDK implementing data structures, 6 and an SDK facilitating principled use of cryptographic primitives.…”

Section: Introductionmentioning

confidence: 99%

“…s2n. s2nis a C99 implementation of the TLS/SSL protocols Amazon, including S3, and AWS services 30 . It is that is designed to be simple, small, fast, and with security as a priority.…”

Section: Introductionmentioning

confidence: 99%

Code‐level model checking in the software development workflow at Amazon Web Services

et al. 2021

Self Cite

View full text Add to dashboard Cite

This article describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS). Lessons learned are drawn from proving properties of numerous C‐based systems, for example, custom hypervisors, encryption code, boot loaders, and an IoT operating system. Using our methodology, we find that we can prove the correctness of industrial low‐level C‐based systems with reasonable effort and predictability. Furthermore, AWS developers are increasingly writing their own formal specifications. As part of this effort, we have developed a CI system that allows integration of the proofs into standard development workflows and extended the proof tools to provide better feedback to users. All proofs discussed in this article are publicly available on GitHub.

show abstract

SideTrail: Verifying Time-Balancing of Cryptosystems

Cited by 12 publications

References 28 publications

Secure Compilation of Constant-Resource Programs

Secure Compilation of Constant-Resource Programs

ct-fuzz: Fuzzing for Timing Leaks

Code‐level model checking in the software development workflow at Amazon Web Services

Contact Info

Product

Resources

About