Cache-Based Side-Channel Vulnerability Detection Based on Symbolic Execution

doi:10.3969/j.issn.0372-2112.2019.06.002

您当前的位置：

首页 >

文章列表页 >

Cache-Based Side-Channel Vulnerability Detection Based on Symbolic Execution

更新时间：2025-07-02

- Cache-Based Side-Channel Vulnerability Detection Based on Symbolic Execution
- Acta Electronica Sinica Vol. 47, Issue 6, Pages: 1194-1200(2019)
- 作者机构：
  
  国家数字交换系统工程技术研究中心,河南,郑州,450003
- 作者简介：
- 基金信息：
  
  NSFC Innovation Research Group (No.61521003);National Natural Science Foundation of China (No.61602509);National Key Research and Development Program of China (No.2016YFB0800100, No.2016YFB0800101);Technology Research and Development Program Fund of Henan Province (No.172102210615)
- DOI：10.3969/j.issn.0372-2112.2019.06.002
  CLC： TP309.2
- Published：2019
- 稿件说明：
移动端阅览
Cache-Based Side-Channel Vulnerability Detection Based on Symbolic Execution[J]. Acta Electronica Sinica, 2019, 47(6): 1194-1200.
DOI：

Cache-Based Side-Channel Vulnerability Detection Based on Symbolic Execution[J]. Acta Electronica Sinica, 2019, 47(6): 1194-1200. DOI： 10.3969/j.issn.0372-2112.2019.06.002.

摘要

缓存侧信道攻击的基础是程序针对不同敏感信息将访问不同的缓存地址.本文提出基于符号执行的缓存侧信道脆弱性检测技术，通过符号化敏感信息的数据传播过程定位潜在的脆弱点，并通过比较其可能的不同缓存访问地址，判断上述代码在缓存攻击中的可利用性.本文开发了原型系统CSCVulDiscover，并针对RSA等3种密码算法的12类实现代码进行测试，总共发现了125个脆弱点.

Abstract

The root cause of cache-based side-channel attacks is that the application will access different cache memory depending on different values of sensitive information.This paper proposes a symbolic-execution-based vulnerability detection technology to identify the code in an application that can be exploited in cache attacks.It analyzes program's data propagation of symbolized sensitive information to locate candidate vulnerabilities

and determines the exploitability through comparison of different possible accessed cache addresses.A prototype system called CSCVulDiscover is developed and tested against 12 kinds of implementation of 3 popular cryptographic algorithms including RSA

and the result shows that 125 vulnerabilities are detected.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Full Automatic Detection Method for Security Policy of JVM Run-Time Library

SQL Injection Behavior Detection Method Based on AOP and Dynamic Taint Analysis

Related Author

WU Rong-hui

WANG Ning

SUN Jian-hua

CHEN Hao

CHEN Zhi-wen

HE Cheng-wan

YE Zhi-peng

Related Institution

School of Information Science and Engineering, Hunan University

School of Computer Science and Engineering, Wuhan Institute of Technology

⁰