kth.sePublications
System disruptions
We are currently experiencing disruptions on the search portals due to high traffic. We are working to resolve the issue, you may temporarily encounter an error message.
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Validation of side-channel models via observation refinement
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.
Stanford University and CISPA Helmholtz Center for Information Security, United States.
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.ORCID iD: 0000-0001-5311-1781
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS.ORCID iD: 0000-0002-8069-6495
2021 (English)In: Proceedings of the Annual International Symposium on Microarchitecture, MICRO, Association for Computing Machinery (ACM) , 2021, p. 578-591Conference paper, Published paper (Refereed)
Abstract [en]

Observational models enable the analysis of information flow properties against side channels. Relational testing has been used to validate the soundness of these models by measuring the side channel on states that the model considers indistinguishable. However, unguided search can generate test states that are too similar to each other to invalidate the model. To address this we introduce observation refinement, a technique to guide the exploration of the state space to focus on hardware features of interest. We refine observational models to include fine-grained observations that characterize behavior that we want to exclude. States that yield equivalent refined observations are then ruled out, reducing the size of the space. We have extended an existing model validation framework, Scam-V, to support refinement. We have evaluated the usefulness of refinement for search guidance by analyzing cache coloring and speculative leakage in the ARMv8-A architecture. As a surprising result, we have exposed SiSCLoak, a new vulnerability linked to speculative execution in Cortex-A53.
Place, publisher, year, edition, pages
Association for Computing Machinery (ACM) , 2021. p. 578-591
Keywords [en]
Information flow security, Microarchitectures, Model validation, Side channels, Testing, Channel modelling, Flow properties, Information flows, Micro architectures, Observational models, On state, Side-channel, Unguided search, Security of data
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-313186DOI: 10.1145/3466752.3480130Scopus ID: 2-s2.0-85118897960OAI: oai:DiVA.org:kth-313186DiVA, id: diva2:1663300
Conference
54th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2021, 18 October 2021 through 22 October 2021
Note

QC 20220602

part of proceedings ISBN 9781450385572

Available from: 2022-06-02 Created: 2022-06-02 Last updated: 2023-05-09Bibliographically approved
In thesis
1. Proving Safety and Security of Binary Programs
Open this publication in new window or tab >>Proving Safety and Security of Binary Programs
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

With the increasing ubiquity of computing devices, their correct and secure operation is of growing importance. In particular, critical components that provide core functionalities or process sensitive data have to operate as intended. Examples are operating systems that must provide proper isolation among applications, device drivers that must reliably communicate with the hardware, crypto routines that must avoid leakage of sensitive information, and low-level security mechanisms that must be implemented correctly to be effective. All these make use of hardware functionalities that are beyond plain software execution. Therefore, they should ideally be verified at binary level to accurately account for the effects their execution has on the underlying hardware systems.

Verifying properties of binary code is challenging because of its lack of structure in terms of control flows and memory representations, and the complex hardware specifics involved. In this thesis, we aim to improve the precision and trustworthiness of binary code analyses by basing the analyses on interactive theorem proving. We contribute with the new HolBA framework for binary analysis, which is built on top of the HOL4 theorem prover. This allows all implemented algorithms to produce machine-checked correctness proofs for their results. We applied this to implement translation procedures into the intermediate language BIR to facilitate analyses. The proof-producing analysis procedures we provide for program verification are the weakest precondition propagation and symbolic execution. We evaluated the framework with a number of binaries and a larger case study, which is the control software for a balancing robot. The latter has been used as an analysis target to establish execution time bounds using symbolic execution.

Since verification is carried out on models of hardware, the applicability of the verification results hinges on how well the used models reflect the actual hardware. In particular, in the context of security applications, where an attacker tries to exploit traits of hardware execution, this has received less attention in the formal methods community. We contribute with the new Scam-V methodology and tool for differential testing to discover possible instances where the attacker-exploitable behavior of a model and a real hardware system diverge. In a number of case studies with real processors, we found a number of new types of leakage that could be exploited by an attacker. Additionally, our validation exercises revealed a number of modeling issues.
Abstract [sv]

Med datorer och inbyggda system förekommande överallt i dagens samhälle blir dessas korrekthet och säkerhet allt viktigare. I synnerhet måste mjukvarukomponenter som bidrar med viktig funktionalitet eller hanterar känslig data fungera som avsett. Exempel på komponenter är operativsystem som måste isolera applikationer, drivrutiner som måste kommunicera med hårdvaran på ett tillförlitligt sätt, kryptografiska rutiner som inte får läcka känslig information och fundamentala säkerhetsmekanismer vars resultat beror starkt på implementationens korrekthet. Alla dessa komponenter involverar hårdvaruaspekter som normalt sett inte involveras vid exekvering av applikationsprogram. För korrekt verifiering bör därför dessa komponenter analyseras på binär nivå.

Att verifiera binärkodsegenskaper är utmanande då kontrollflöden och minnesrepresentationer saknar struktur i binärkod, och för att verifieringen involverar komplexa hårdvarudetaljer. I denna avhandling förbättrar vi precisionen och tillförlitligheten i binärkodsanalys med hjälp av en interaktiv bevisassistent. Vi presenterar ramverket HolBA för binärkodsanalys, som vi har implementerat i den interaktiva bevisassistenten HOL4. HolBA möjliggör implementation av analysalgoritmer så att algoritmerna producerar maskinkontrollerade korrekthetsbevis för dessas beräknade resultat. Vi har använt HolBA för att implementera översättningsprocedurer från binärkod till det mer abstrakta programspråket BIR för att underlätta formell analys. HolBA har två bevisproducerande analysrutiner för att möjliggöra programverifiering: en rutin för symbolisk exekvering och en rutin som beräknar det minst restriktiva villkoret som garanterar att programets resultat satisfierar ett givet villkor. Vi utvärderar HolBA med hjälp av ett antal binära program, och en större fallstudie bestående av ett program som styr en självbalanserande robot. Robotmjukvarans exekveringstider har analyserats med symbolisk exekvering för att verifiera dess övre och undre tidsgränser.

Verifieringsresultatens tillförlitlighet beror på hur precist hårdvarumodellerna återspeglar den faktiska hårdvaran. Denna aspekt har fått begränsad uppmärksamhet i samband med säkerhet, där subtila hårdvaruoperationer kan utnyttjas vid angrepp. Vi presenterar Scam-V, en metod och ett verktyg för differentiell testning, som upptäcker skillnader i beteende mellan modell och hårdvara som kan ge upphov till säkerhetssårbarheter. I ett antal fallstudier med riktiga processorer hittades, tidigare okända, typer av informationsläckage.
Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2023. p. vi, 181
Series
TRITA-EECS-AVL ; 2023:41
Keywords
Binary Code, Binary Analysis, Formal Verification, Model-Based Testing, Theorem Proving, HOL4, Intermediate Language, Instruction Set Architectures, ISA, Observational Models, Symbolic Execution, Weakest-Precondition, Execution Time Analysis, binärkod, binärkodsanalys, formell verifiering, modellbaserad testning, satsbevisning, HOL4, mellankod, instruktionsuppsättningar, ISA, observationsmodeller, symbolisk exekvering, minst restriktiva villkoret, analys av övre tidsgräns
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-326719 (URN)978-91-8040-583-6 (ISBN)
Public defence
2023-06-02, https://kth-se.zoom.us/j/68807417997, L1, Drottning Kristinas väg 30, Stockholm, 09:00 (English)
Opponent
Supervisors
Funder
Swedish Foundation for Strategic Research, RIT 17-0036Swedish Civil Contingencies Agency, 2015-831
Note

QC 20230509

Available from: 2023-05-09 Created: 2023-05-09 Last updated: 2023-05-15Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Buiras, PabloLindner, AndreasGuanciale, Roberto

Search in DiVA

By author/editor
Buiras, PabloLindner, AndreasGuanciale, Roberto
By organisation
Theoretical Computer Science, TCS
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 114 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.45.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub