
CacheAudit: A Tool for the Static Analysis of Cache Side Channels

Published: 09 June 2015

Abstract

We present CacheAudit, a versatile framework for the automatic, static analysis of cache side channels. CacheAudit takes as input a program binary and a cache configuration and derives formal, quantitative security guarantees for a comprehensive set of side-channel adversaries, namely, those based on observing cache states, traces of hits and misses, and execution times. Our technical contributions include novel abstractions to efficiently compute precise overapproximations of the possible side-channel observations for each of these adversaries. These approximations then yield upper bounds on the amount of information that is revealed.
In case studies, we apply CacheAudit to binary executables of algorithms for sorting and encryption, including the AES implementation from the PolarSSL library, and the reference implementations of the finalists of the eSTREAM stream cipher competition. The results we obtain exhibit the influence of cache size, line size, associativity, replacement policy, and coding style on the security of the executables and include the first formal proofs of security for implementations with countermeasures such as preloading and data-independent memory access patterns.
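As an added illustration of the bounds the abstract describes (this is not CacheAudit's own code), the toy model below enumerates what the three adversaries (final cache state, hit/miss trace, execution time) can observe for a single key-dependent table lookup and reports log2 of the number of distinct observations, the standard upper bound on leaked bits. It assumes an LRU set-associative cache, a 256-byte table at a constructed address 0x1000 with 64-byte lines, and made-up hit/miss latencies of 1 and 10; preloading and data-independent access are modelled as in the abstract's countermeasures.

```python
import math
from collections import deque

class LRUCache:
    def __init__(self, size, line_size, assoc):
        self.line_size, self.assoc = line_size, assoc
        self.nsets = size // (line_size * assoc)
        self.sets = [deque() for _ in range(self.nsets)]  # tags, LRU at the left

    def access(self, addr):
        """Touch one address; return True on a hit, False on a miss."""
        tag = addr // self.line_size
        s = self.sets[tag % self.nsets]
        hit = tag in s
        if hit:
            s.remove(tag)           # move to most-recently-used position
        elif len(s) == self.assoc:
            s.popleft()             # evict the least-recently-used line
        s.append(tag)
        return hit

    def state(self):
        return tuple(tuple(s) for s in self.sets)

def run(accesses, geometry, preload=()):
    """Return what each adversary sees: final cache state, hit/miss trace, time."""
    c = LRUCache(*geometry)
    for a in preload:
        c.access(a)                 # countermeasure: warm the table before use
    trace = tuple(c.access(a) for a in accesses)
    time = sum(1 if h else 10 for h in trace)   # constructed hit/miss latencies
    return c.state(), trace, time

def leakage_bits(observations):
    """Upper bound on leaked bits: log2 of the number of distinct observations."""
    return math.log2(len(set(observations)))

TABLE = 0x1000                      # base address of a 256-byte table (constructed)
TABLE_LINES = [TABLE + i for i in range(0, 256, 64)]   # one address per 64-byte line
def key_dependent(key):             # T[key]: the address depends on the secret byte
    return [TABLE + key]
def data_independent(key):          # countermeasure: touch every line of T, whatever the key
    return TABLE_LINES

def bounds(program, geometry, preload=()):
    """Leakage bound per adversary, taken over all 256 values of the key byte."""
    seen = [run(program(k), geometry, preload) for k in range(256)]
    return {name: leakage_bits([obs[i] for obs in seen])
            for i, name in enumerate(("access", "trace", "time"))}
```

With a 4 KB direct-mapped cache the plain lookup leaks 2 bits to the access-based adversary (which of the four table lines was touched) and nothing to the trace- and time-based ones, while preloading or data-independent access brings every bound to 0. Shrinking the cache to 128 bytes with the same preload leaves the table only partly resident and the bounds rise again (log2 3 bits access-based, 1 bit for trace and time), the kind of cache-size effect the abstract mentions.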



Published In

ACM Transactions on Information and System Security, Volume 18, Issue 1
June 2015
126 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/2786062
Editor: Gene Tsudik

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 09 June 2015
Accepted: 01 April 2015
Revised: 01 January 2015
Received: 01 August 2014
Published in TISSEC Volume 18, Issue 1


Author Tags

  1. Side-channel attacks
  2. caches

Qualifiers

  • Research-article
  • Research
  • Refereed

Funding Sources

  • Madrid Regional Project S2013/ICE-2731 N-GREENS
  • Spanish Project TIN2012-39391-C04-01 StrongSoft
  • German Research Council (DFG) as part of the Transregional Collaborative Research Center AVACS
