More Web Proxy on the site http://driver.im/

research-article

Sparse representation of implicit flows with applications to side-channel detection

Authors:

Bruno Rodrigues,

Fernando Magno Quintão Pereira,

Diego F. AranhaAuthors Info & Claims

CC '16: Proceedings of the 25th International Conference on Compiler Construction

Pages 110 - 120

https://doi.org/10.1145/2892208.2892230

Published: 17 March 2016 Publication History

Abstract

Information flow analyses traditionally use the Program Dependence Graph (PDG) as a supporting data-structure. This graph relies on Ferrante et al.'s notion of control dependences to represent implicit flows of information. A limitation of this approach is that it may create O(|I| x |E|) implicit flow edges in the PDG, where I are the instructions in a program, and E are the edges in its control flow graph. This paper shows that it is possible to compute information flow analyses using a different notion of implicit dependence, which yields a number of edges linear on the number of definitions plus uses of variables. Our algorithm computes these dependences in a single traversal of the program's dominance tree. This efficiency is possible due to a key property of programs in Static Single Assignment form: the definition of a variable dominates all its uses. Our algorithm correctly implements Hunt and Sands system of security types. Contrary to their original formulation, which required O(IxI) space and time for structured programs, we require only O(I). We have used our ideas to build FlowTracker, a tool that uncovers side-channel vulnerabilities in cryptographic algorithms. FlowTracker handles programs with over one-million assembly instructions in less than 200 seconds, and creates 24% less implicit flow edges than Ferrante et al.'s technique. FlowTracker has detected an issue in a constant-time implementation of Elliptic Curve Cryptography; it has found several time-variant constructions in OpenSSL, one issue in TrueCrypt and it has validated the isochronous behavior of the NaCl library.

References

[1]

O. Aciic¸mez, c. K. Koc¸, and J.-P. Seifert. On the power of simple branch prediction analysis. In ASIACCS, pages 312–320. ACM, 2007.

[2]

J. Agat. Transforming out timing leaks. In POPL, pages 40–53. ACM, 2000.

Digital Library

[3]

J. B. Almeida, M. Barbosa, J. S. Pinto, and B. Vieira. Formal verification of side-channel countermeasures using self-composition. Science of Computer Programming, 78(7):796–812, 2013.

Digital Library

[4]

A. W. Appel and J. Palsberg. Modern Compiler Implementation in Java. Cambridge University Press, 2nd edition, 2002.

Digital Library

[5]

G. Barthe, D. Pichardie, and T. Rezk. A certified lightweight noninterference Java bytecode verifier. Mathematical Structures in Computer Science, 23(5):1032–1081, 2013.

[6]

D. J. Bernstein. Cache-timing attacks on AES, 2004. URL: http://cr.yp.to/papers.html#cachetiming.

[7]

D. J. Bernstein. Curve25519: new Diffie-Hellman speed records. In PKC, pages 207–228. Springer, 2006.

Digital Library

[8]

D. J. Bernstein, T. Lange, and P. Schwabe. The security impact of a new cryptographic library. In Progress in Cryptology – LATINCRYPT, pages 159–176. Springer, 2012.

Digital Library

[9]

G. Bian, K. Nakayama, Y. Kobayashi, and M. Maekawa. Java bytecode dependence analysis for secure information flow. I. J. Network Security, 4(1):59–68, 2007.

[10]

B. Boissinot, S. Hack, D. Grund, B. D. de Dinechin, and F. Rastello. Fast liveness checking for SSA-form programs. In CGO, pages 35–44. IEEE, 2008.

Digital Library

[11]

J.-D. Choi, R. Cytron, and J. Ferrante. Automatic construction of sparse data flow evaluation graphs. In POPL, pages 55–66. ACM, 1991.

Digital Library

[12]

R. Cytron, J. Ferrante, and V. Sarkar. Compact representations for control dependence. In PLDI, pages 337–351. ACM, 1990.

Digital Library

[13]

R. Cytron, J. Ferrante, B. Rosen, M. Wegman, and F. Zadeck. Efficiently computing static single assignment form and the control dependence graph. TOPLAS, 13(4):451–490, 1991.

Digital Library

[14]

D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Commun. ACM, 20:504–513, 1977.

Digital Library

[15]

H. Eldib, C. Wang, M. Taha, and P. Schaumont. QMS: Evaluating the side-channel resistance of masked software from source code. In DAC, pages 209:1–209:6. ACM, 2014.

Digital Library

[16]

J. Ferrante, K. J. Ottenstein, and J. D. Warren. The program dependence graph and its use in optimization. TOPLAS, 9(3):319–349, 1987.

Digital Library

[17]

C. Hammer and G. Snelting. Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. J. Inf. Secur., 8(6):399–422, 2009.

Digital Library

[18]

C. Hammer, J. Krinke, and F. Nodes. Intransitive noninterference in dependence graphs. In ISOLA, pages 119–128. IEEE, 2006.

Digital Library

[19]

S. Horwitz, J. Prins, and T. Reps. On the adequacy of program dependence graphs for representing programs. In POPL, pages 146– 157. ACM, 1988.

Digital Library

[20]

Y.-W. Huang, F. Yu, C. Hang, C.-H. Tsai, D. T. Lee, and S.-Y. Kuo. Securing web application code by static analysis and runtime protection. In WWW, pages 40–51, 2004.

Digital Library

[21]

S. Hunt and D. Sands. On flow-sensitive security types. In POPL, pages 79–90. ACM, 2006.

Digital Library

[22]

R. Johnson and K. Pingali. Dependence-based program analysis. In PLDI, pages 78–89. ACM, 1993.

Digital Library

[23]

R. Johnson, D. Pearson, and K. Pingali. The program tree structure. In PLDI, pages 171–185. ACM, 1994.

[24]

P. C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In CRYPTO, pages 104–113. Springer, 1996.

Digital Library

[25]

C. Lattner and V. S. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In CGO, pages 75––88. IEEE, 2004.

Digital Library

[26]

J. L´opez and R. Dahab. Fast Multiplication on Elliptic Curves over GF(2 m ) without Precomputation. In CHES, volume 1717 of LNCS, pages 316–327. Springer, 1999.

Digital Library

[27]

S. Lortz, H. Mantel, A. Starostin, T. Bähr, D. Schneider, and A. Weber. Cassandra: Towards a certifying app store for android. In SPSM, pages 93–104. ACM, 2014.

Digital Library

[28]

A. Lux and A. Starostin. A tool for static detection of timing channels in java. Journal of Cryptographic Engineering, 1(4):303–313, 2011.

[29]

D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner. The program counter security model: Automatic detection and removal of controlflow side channel attacks. In ICISC, pages 156–168. Springer, 2006.

Digital Library

[30]

H. Oh, K. Heo, W. Lee, W. Lee, and K. Yi. Design and implementation of sparse global analyses for c-like languages. In PLDI, pages 1–11. ACM, 2012.

Digital Library

[31]

T. Oliveira, J. L´opez, D. F. Aranha, and F. Rodr´ıguez-Henr´ıquez. Two is the fastest prime: lambda coordinates for binary elliptic curves. J. Cryptographic Engineering, 4(1):3–17, 2014.

[32]

D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of AES. In Topics in Cryptology–CT-RSA, pages 1–20. Springer, 2006.

Digital Library

[33]

K. J. Ottenstein, R. A. Ballance, and A. B. MacCabe. The program dependence web: a representation supporting control-, data-, and demand-driven interpretation of imperative languages. In PLDI, pages 257–271. ACM, 1990.

Digital Library

[34]

F. M. Q. Pereira and J. Palsberg. SSA elimination after register allocation. In CC, pages 158 – 173, 2009.

Digital Library

[35]

K. Pingali and G. Bilardi. Optimal control dependence computation and the roman chariots problem. In TOPLAS, pages 462–491. ACM, 1997.

Digital Library

[36]

V. P. Ranganath, T. Amtoft, A. Banerjee, J. Hatcliff, and M. B. Dwyer. A new foundation for control dependence and slicing for modern program structures. TOPLAS, 29(5), 2007.

Digital Library

[37]

F. Rastello. SSA-based Compiler Design. Springer, 1st edition, 2015.

[38]

T. Reps and W. Yang. The semantics of program slicing. Technical report, University of Wisconsin – Madison, 1988.

[39]

A. Rimsa, M. d’Amorim, F. M. Q. Pereira, and R. da Silva Bigonha. Efficient static checker for tainted variable attacks. Sci. Comput. Program., 80:91–105, 2014.

Digital Library

[40]

A. Russo and A. Sabelfeld. Dynamic vs. static flow-sensitive security analysis. In CSF, pages 186–199. IEEE Computer Society, 2010.

Digital Library

[41]

G. Snelting. Combining slicing and constraint solving for validation of measurement software. In SAS, pages 332–348. Springer, 1996.

Digital Library

[42]

V. C. Sreedhar and G. R. Gao. A linear time algorithm for placing φ-nodes. In POPL, pages 62–73. ACM, 1995.

Digital Library

[43]

V. C. Sreedhar, R. D. ching Ju, D. M. Gillies, and V. Santhanam. Translating out of static single assignment form. In SAS, pages 194– 210. Springer, 1999.

Digital Library

[44]

M. Taghdiri, G. Snelting, and C. Sinz. Information flow analysis via path condition refinement. In FAST, pages 65–79. Springer, 2011.

Digital Library

[45]

A. Tavares, B. Boissinot, F. Pereira, and F. Rastello. Parameterized construction of program representations for sparse dataflow analyses. In CC, pages 2–21. Springer, 2014.

[46]

D. Wasserrab, D. Lohner, and G. Snelting. On pdg-based noninterference and its modular proof. In PLAS, pages 31–44. ACM, 2009.

Digital Library

[47]

Y. Yarom and N. Benger. Recovering openssl ECDSA nonces using the FLUSH+RELOAD cache side-channel attack. Cryptology ePrint Archive, Report 2014/140, 2014. http://eprint.iacr.org/.

[48]

R. Zhang, S. Huang, Z. Qi, and H. Guan. Combining static and dynamic analysis to discover software vulnerabilities. In IMIS, pages 175–181. IEEE Computer Society, 2011.

Digital Library

[49]

J. Zhao, S. Nagarakatte, M. M. K. Martin, and S. Zdancewic. Formal verification of ssa-based optimizations for llvm. In PLDI, pages 175– 186. ACM, 2013.

Digital Library

Cited By

Spence ABangay S(2024)Domain-Agnostic Representation of Side-ChannelsEntropy10.3390/e2608068426:8(684)Online publication date: 13-Aug-2024
https://doi.org/10.3390/e26080684
Ruan HNoller YTizpaz-Niari SChattopadhyay SRoychoudhury A(2024)Timing Side-Channel Mitigation via Automated Program RepairACM Transactions on Software Engineering and Methodology10.1145/367816933:8(1-27)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3678169
Deutschmann LMüller JFadiheh MStoffel DKunz W(2024)A Scalable Formal Verification Methodology for Data-Oblivious HardwareIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.337424943:9(2551-2564)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3374249
Show More Cited By

Index Terms

Sparse representation of implicit flows with applications to side-channel detection
1. Software and its engineering
  1. Software notations and tools
    1. Compilers
    2. General programming languages

Recommendations

Static Information Flow Analysis with Handling of Implicit Flows and a Study on Effects of Implicit Flows vs Explicit Flows
CSMR '10: Proceedings of the 2010 14th European Conference on Software Maintenance and Reengineering

Reasoning about information flow can help software engineering. Static information flow inference analysis is a technique which automatically infers information flows based on data or control dependence. It can be utilized for the purposes of general ...
Practical Integrated Analysis of Pointers, Dataflow and Control Flow

This article presents a family of static analyses to determine pointer targets, control flow, and dataflow in combination. The integrated solution to these mutually dependent problems approaches the result from the optimistic side. It is a general ...
Interprocedural induction variable analysis based on interprocedural SSA form IR
PASTE '10: Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

The induction variable analysis is a fundamental component of loop optimizations in compilers. Algorithms in literature and implementations in free-source compilers such as GCC and LLVM rely on SSA form IR. However, only the uses of scalar stack ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CC '16: Proceedings of the 25th International Conference on Compiler Construction

March 2016

270 pages

ISBN:9781450342414

DOI:10.1145/2892208

General Chair:
Ayal Zaks
Intel, Israel / Technion, Israel
,
Program Chair:
Manuel Hermenegildo
IMDEA SW Institute, Spain / T.U. Madrid-UPM, Spain

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 March 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CGO '16

Sponsor:

CGO '16: 14th Annual IEEE/ACM International Symposium on Code Generation and Optimization

March 17 - 18, 2016

Barcelona, Spain

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

56
Total Citations
View Citations
383
Total Downloads

Downloads (Last 12 months)56
Downloads (Last 6 weeks)4

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Spence ABangay S(2024)Domain-Agnostic Representation of Side-ChannelsEntropy10.3390/e2608068426:8(684)Online publication date: 13-Aug-2024
https://doi.org/10.3390/e26080684
Ruan HNoller YTizpaz-Niari SChattopadhyay SRoychoudhury A(2024)Timing Side-Channel Mitigation via Automated Program RepairACM Transactions on Software Engineering and Methodology10.1145/367816933:8(1-27)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3678169
Deutschmann LMüller JFadiheh MStoffel DKunz W(2024)A Scalable Formal Verification Methodology for Data-Oblivious HardwareIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.337424943:9(2551-2564)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3374249
Zhao YXue WChen WQiang WZou DJin H(2024)Owl: Differential-Based Side-Channel Leakage Detection for CUDA Applications2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00044(362-376)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00044
Minkin MKasikci B(2024)ZipChannel: Cache Side-Channel Vulnerabilities in Compression Algorithms2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00033(223-237)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00033
Tol MSunar B(2024)ZeroLeak: Automated Side-Channel Patching in Source Code Using LLMsComputer Security – ESORICS 202410.1007/978-3-031-70879-4_15(290-310)Online publication date: 16-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-70879-4_15
Raimondi GBesson FJensen T(2023)Type-directed Program Transformation for Constant-Time EnforcementProceedings of the 25th International Symposium on Principles and Practice of Declarative Programming10.1145/3610612.3610618(1-13)Online publication date: 22-Oct-2023
https://dl.acm.org/doi/10.1145/3610612.3610618
Soares LCanesche MPereira F(2023)Side-channel Elimination via Partial Control-flow LinearizationACM Transactions on Programming Languages and Systems10.1145/359473645:2(1-43)Online publication date: 26-Jun-2023
https://dl.acm.org/doi/10.1145/3594736
Daniel LBardin SRezk T(2023)Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-ErasureACM Transactions on Privacy and Security10.1145/356303726:2(1-42)Online publication date: 14-Apr-2023
https://dl.acm.org/doi/10.1145/3563037
Chakraborty PSuha TBhunia S(2023)Hardware Specification Aware Timing Side Channel Security Analysis2023 IEEE 36th International System-on-Chip Conference (SOCC)10.1109/SOCC58585.2023.10256749(1-6)Online publication date: 5-Sep-2023
https://doi.org/10.1109/SOCC58585.2023.10256749
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents