Verifying and Synthesizing Constant-Resource Implementations with Types

V. Ngo, Mario Dehesa-Azuara, Matt Fredrikson, Jan Hoffmann
2017 IEEE Symposium on Security and Privacy (SP), pp. 710-728. DOI: https://doi.org/10.1109/SP.2017.53. Published 2017-05-01.
Citations: 46

Abstract

Side channel attacks have been used to extract critical data such as encryption keys and confidential user data in a variety of adversarial settings. In practice, this threat is addressed by adhering to a constant-time programming discipline, which imposes strict constraints on the way in which programs are written. This introduces an additional hurdle for programmers faced with the already difficult task of writing secure code, highlighting the need for solutions that give the same source-level guarantees while supporting more natural programming models. We propose a novel type system for verifying that programs correctly implement constant-resource behavior. Our type system extends recent work on automatic amortized resource analysis (AARA), a set of techniques that automatically derive provable upper bounds on the resource consumption of programs. We devise new techniques that build on the potential method to achieve compositionality, precision, and automation. A strict global requirement that a program always maintains constant resource usage is too restrictive for most practical applications. It is sufficient to require that the program's resource behavior remain constant with respect to an attacker who is only allowed to observe part of the program's state and behavior. To account for this, our type system incorporates information flow tracking into its resource analysis. This allows our system to certify programs that need to violate the constant-time requirement in certain cases, as long as doing so does not leak confidential information to attackers. We formalize this guarantee by defining a new notion of resource-aware noninterference, and prove that our system enforces it. Finally, we show how our type inference algorithm can be used to synthesize a constant-time implementation from one that cannot be verified as secure, effectively repairing insecure programs automatically. 
We also show how a second novel AARA system that computes lower bounds on resource usage can be used to derive quantitative bounds on the amount of information that a program leaks through its resource use. We implemented each of these systems in Resource Aware ML, and show that it can be applied to verify constant-time behavior in a number of applications, including encryption and decryption routines, database queries, and other resource-aware functionality.