liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Quantifying the Information Leakage in Cache Attacks via Symbolic Execution
Singapore Univ Technol and Design, Singapore.
Saarland Univ, Germany.
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, Faculty of Science & Engineering.
Saarland Univ, Germany.
2019 (English)In: ACM Transactions on Embedded Computing Systems, ISSN 1539-9087, E-ISSN 1558-3465, Vol. 18, no 1, article id 7Article in journal (Refereed) Published
Abstract [en]

Cache attacks allow attackers to infer the properties of a secret execution by observing cache hits and misses. But how much information can actually leak through such attacks? For a given program, a cache model, and an input, our CHALICE framework leverages symbolic execution to compute the amount of information that can possibly leak through cache attacks. At the core of CHALICE is a novel approach to quantify information leakage that can highlight critical cache side-channel leakage on arbitrary binary code. In our evaluation on real-world programs from OpenSSL and Linux GDK libraries, CHALICE effectively quantifies information leakage: For an AES-128 implementation on Linux, for instance, CHALICE finds that a cache attack can leak as much as 127 out of 128 bits of the encryption key.

Place, publisher, year, edition, pages
ASSOC COMPUTING MACHINERY , 2019. Vol. 18, no 1, article id 7
Keywords [en]
Side channel; security; cache; symbolic execution
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-155947DOI: 10.1145/3288758ISI: 000460391900008OAI: oai:DiVA.org:liu-155947DiVA, id: diva2:1301287
Note

Funding Agencies|SUTD grant [SRIS17123]; Singapore Ministry of Education (MOE) Academic Research Fund [MOE2018-T2-1-098]

Available from: 2019-04-01 Created: 2019-04-01 Last updated: 2019-04-01

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Rezine, Ahmed
By organisation
Software and SystemsFaculty of Science & Engineering
In the same journal
ACM Transactions on Embedded Computing Systems
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 6 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf