Corpus ID: 52952772

Inducing JIT-Based Side Channels for Inferring Predicates about Secrets

@inproceedings{Brennan2018InducingJS,
  title={Inducing JIT-Based Side Channels for Inferring Predicates about Secrets},
  author={Tegan Brennan and Nicol{\'a}s Rosner and Tevfik Bultan},
  year={2018}
}
Side-channel vulnerabilities in software are caused by an observable imbalance in resource usage across different program paths. In this paper we demonstrate that just-in-time (JIT) compilation, which is crucial to the runtime performance of modern Java virtual machines (JVMs), can be leveraged to induce timing side channels. We present a technique for creating dynamic, JIT-based side channels and using them to learn values of predicates about secret inputs. Our technique includes a mechanism…

References

Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic
TLDR
This paper presents Themis, an end-to-end static analysis tool for finding resource-usage side-channel vulnerabilities in Java applications that combines automated reasoning in CHL with lightweight static taint analysis to improve scalability and introduces the notion of epsilon-bounded non-interference, a variant and relaxation of Goguen and Meseguer's well-known non-interference principle.
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
TLDR
A new, yet critical, side-channel attack, branch shadowing, that reveals fine-grained control flows (branch granularity) in an enclave and develops two novel exploitation techniques, a last branch record (LBR)-based history-inferring technique and an advanced programmable interrupt controller (APIC)-based technique to control the execution of an enclave in a fine-grained manner.
New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures
TLDR
This paper presents a new and yet unforeseen side channel attack that is enabled by the recently published Simple Branch Prediction Analysis (SBPA), and shows that modular inversion is a natural target of SBPA attacks because it typically uses the Binary Extended Euclidean algorithm whose nature is an input-centric sequence of conditional branches.
Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity
TLDR
This work creates a large number of unique program execution paths by automatically generating diversified replicas for parts of an input program by dynamically and systematically randomizing the control flow of programs.
Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT
TLDR
A program analysis that uses symbolic execution to quantify the information that is leaked to an attacker who makes multiple side-channel measurements is described, showing how to obtain tight bounds on information leakage under a small number of attack steps.
Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
TLDR
Two ways in which programs that lack key-dependent control flow and key-dependent cache behavior can still leak timing information on modern x86 implementations such as the Intel Core 2 Duo are demonstrated, and defense mechanisms against them are proposed.
Predicting Secret Keys Via Branch Prediction
TLDR
A new software side-channel attack enabled by the branch prediction capability common to all modern high-performance CPUs, which allows an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization.
String analysis for side channels with segmented oracles
TLDR
An efficient technique for segmented oracles that computes information leakage for multiple runs using only the path constraints generated from a single run symbolic execution is presented.
Compiler mitigations for time attacks on modern x86 processors
TLDR
The extent to which automated compiler techniques can defend against timing-based side channel attacks on modern x86 processors is evaluated and the extent to which compiler backends are a suitable tool to provide automated support for the proposed mitigations is discussed.
A Note On Side-Channels Resulting From Dynamic Compilation
  • D. Page
  • Computer Science
  • IACR Cryptol. ePrint Arch.
  • 2006
TLDR
This paper examines the specific problem that dynamic compilation, through transformation of the code, may introduce side-channel vulnerabilities where before there were none.