Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/165415
Title: Cache refinement type for side-channel detection of cryptographic software
Authors: Jiang, Ke
Bao, Yuyan
Wang, Shuai
Liu, Zhibo
Zhang, Tianwei
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Source: Jiang, K., Bao, Y., Wang, S., Liu, Z. & Zhang, T. (2022). Cache refinement type for side-channel detection of cryptographic software. 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022), 1583-1597. https://dx.doi.org/10.1145/3548606.3560672
Project: NRF2018 NCR-NCR009-0001 
RS02/19 
NTU-SUG 
Conference: 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022)
Abstract: Cache side-channel attacks exhibit severe threats to software security and privacy, especially for cryptosystems. In this paper, we propose CaType, a novel refinement type-based tool for detecting cache side channels in crypto software. Compared to previous works, CaType provides the following advantages: (1) For the first time CaType analyzes cache side channels using refinement type over x86 assembly code. It reveals several significant and effective enhancements with refined types, including bit-level granularity tracking, distinguishing different effects of variables, precise type inferences, and high scalability. (2) CaType is the first static analyzer for crypto libraries in consideration of blinding-based defenses. (3) From the perspective of implementation, CaType uses cache layouts of potential vulnerable control-flow branches rather than cache states to suppress false positives. We evaluate CaType in identifying side channel vulnerabilities in real-world crypto software, including RSA, ElGamal, and (EC)DSA from OpenSSL and Libgcrypt. CaType captures all known defects, detects previously-unknown vulnerabilities, and reveals several false positives of previous tools. In terms of performance, CaType is 16X faster than CacheD and 131X faster than CacheS when analyzing the same libraries. These evaluation results confirm the capability of CaType in identifying side channel defects with great precision, efficiency, and scalability.
URI: https://hdl.handle.net/10356/165415
ISBN: 978-1-4503-9450-5
DOI: 10.1145/3548606.3560672
Schools: School of Computer Science and Engineering 
Rights: © 2022 Association for Computing Machinery. All rights reserved. This paper was published in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022) and is made available with permission of Association for Computing Machinery.
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Conference Papers

Files in This Item:
File Description SizeFormat 
2022_CCS_refinement_type_full_version.pdf1.19 MBAdobe PDFThumbnail
View/Open

SCOPUSTM   
Citations 50

1
Updated on Mar 7, 2024

Page view(s)

147
Updated on Apr 20, 2024

Download(s) 50

53
Updated on Apr 20, 2024

Google ScholarTM

Check

Altmetric


Plumx

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.