Abstract

We present efficient algorithms for time-sensitive control dependencies (CDs). If statement y is time-sensitively control dependent on statement x, then x decides not only whether y is executed but also how many timesteps after x. If y is not standard control dependent on x, but time-sensitively control dependent, then y will always be executed after x, but the execution time between x and y varies. This allows us to discover, e.g., timing leaks in security-critical software. We systematically develop properties and algorithms for time-sensitive CDs, as well as for nontermination-sensitive CDs. These work not only for standard control flow graphs (CFGs) but also for CFGs lacking a unique exit node (e.g., reactive systems). We show that Cytron’s efficient algorithm for dominance frontiers [10] can be generalized to allow efficient computation not just of classical CDs but also of time-sensitive and nontermination-sensitive CDs. We then use time-sensitive CDs and time-sensitive slicing to discover cache timing leaks in an AES implementation. Performance measurements demonstrate scalability of the approach.
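The two cases the abstract distinguishes (x decides whether y runs, versus y always runs but after a varying number of steps) can be seen on a small graph. The following is an added illustration, not the paper's algorithm: it brute-forces all paths of a constructed acyclic CFG with a unique exit instead of using postdominance frontiers, and the names `maximal_paths`, `first_hit_times` and `classify` are hypothetical.

```python
# Constructed toy CFG (acyclic, unique exit), node -> successors.
CFG = {
    "x": ["a", "y"],      # branch: long arm via a, b or straight to y
    "a": ["b"],
    "b": ["y"],
    "y": ["c", "exit"],   # branch: z runs only on the c arm
    "c": ["z"],
    "z": ["exit"],
    "exit": [],
}

def maximal_paths(cfg, start):
    """Yield every path from start to a node without successors."""
    stack = [[start]]
    while stack:
        path = stack.pop()
        succs = cfg[path[-1]]
        if not succs:
            yield path
        stack.extend(path + [s] for s in succs)

def first_hit_times(cfg, start, y):
    """Step counts at which y is first reached from start; None = a path misses y."""
    return {p.index(y) if y in p else None for p in maximal_paths(cfg, start)}

def classify(cfg, x, y):
    """Simplified dependence of y on branch node x, compared per successor of x."""
    per_succ = [first_hit_times(cfg, s, y) for s in cfg[x]]
    always = [None not in t for t in per_succ]
    if any(always) and not all(always):
        return "whether"   # classical: x decides whether y executes
    fixed = [t for t in per_succ if len(t) == 1 and None not in t]
    if fixed and any(t != fixed[0] for t in per_succ):
        return "when"      # y always executes, but the step count depends on x
    return "none"

if __name__ == "__main__":
    for x, y in [("x", "y"), ("y", "z"), ("x", "z"), ("a", "y")]:
        print(f"{x} -> {y}: {classify(CFG, x, y)}")
```

If the branch at x tests a secret, the "when" result for y is the kind of dependence that a classical control-dependence analysis reports as absent and that shows up as a timing difference.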

Highlights

  • Timing leaks are a major source of software security problems today. Attacks based on timing leaks such as Spectre [22] have become known to the general public.

  • We focus on algorithms for →tscd and use a different security example: In Section 4, we will analyse an implementation of the AES cryptographic standard and discover cache leaks in this implementation.

Summary

INTRODUCTION

Timing leaks are a major source of software security problems today. Attacks based on timing leaks such as Spectre [22] have become known to the general public. Statement y is timing-sensitively control dependent on statement x, written x →tscd y, if x decides when y will be executed. We focus on algorithms for →tscd and use a different security example: In Section 4, we will analyse an implementation of the AES cryptographic standard and discover cache leaks in this implementation. These infamous cache leaks have been known for some time [4], but so far no program analysis tool was able to discover such leaks.

CONTROL DEPENDENCE IN GRAPHS WITHOUT UNIQUE EXIT
Classical Control Dependence and Weak Control Dependence
Postdominance in Graphs without Unique Exit
Why Time Sensitivity Matters
Timing-sensitive Control Dependence
The Full Time-sensitive Backward Slice
TIMING SENSITIVITY FOR MICROARCHITECTURAL CFGS
ALGORITHMS
New Algorithms for MAX and SINK
Postdominance Frontiers in Graphs without Unique Exit
Timing-sensitive Postdominance Frontiers
MEASUREMENTS
FUTURE WORK
CONCLUSION