Abstract

SummaryAdversaries can compute the secret information of a program, such as the key for encryption routines, from side channels in the light of timing‐based and access‐based CPU cache behaviours. As a result, it is crucial to understand whether a program is vulnerable to side‐channel cache leakage or not. Yet how we can find out such a vulnerability in a program remains a problem. In this paper, we revisit this problem and contemplate a test‐generation methodology, which, in both timing‐based and access‐based dimensions, systematically discovers the cache side‐channel leakage of an arbitrary software program. At the core of our test‐generation framework is an algorithm that explores the program's input space and adapts at runtime according to observed cache performance in the executed tests. We have implemented our test generator for timing‐based and access‐based attack tests and evaluated it with open‐source subject programs, including ones from OPENSSL and Linux GDK libraries. Our extensive evaluation effectively discloses the vulnerabilities of these real‐world software to both timing‐based and access‐based cache attacks. We also empirically show that our test generator achieves higher and comparable effectiveness, respectively, in simulations and real hardware platforms with regard to revealing cache side‐channel leakage than do state‐of‐the‐art fuzz testing tools.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.