基于明确硬件假设的自动软件定时攻击评估与缓解

Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering Pub Date : 2022-10-10 DOI:10.1145/3551349.3559516

Prabuddha Chakraborty

{"title":"基于明确硬件假设的自动软件定时攻击评估与缓解","authors":"Prabuddha Chakraborty","doi":"10.1145/3551349.3559516","DOIUrl":null,"url":null,"abstract":"Embedded systems are widely used for implementing diverse Internet-of-Things (IoT) applications. These applications often deal with secret/sensitive data and encryption keys which can potentially be leaked through timing side-channel analysis. Runtime-based timing side-channel attacks are performed by measuring the time a code takes to execute and using that information to extract sensitive data. Effectively detecting such vulnerabilities with high precision and low false positives is a challenging task due to the runtime dependence of software code on the underlying hardware. Effectively fixing such vulnerabilities with low overhead is also non-trivial due to the diverse nature of embedded systems. In this article, we propose an automatic runtime side channel vulnerability detection and mitigation framework that not only considers the software code but also use the underlying hardware architecture information to tune the framework for more accurate vulnerability detection and system-specific tailored mitigation.","PeriodicalId":197939,"journal":{"name":"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering","volume":"189 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Automatic Software Timing Attack Evaluation & Mitigation on Clear Hardware Assumption\",\"authors\":\"Prabuddha Chakraborty\",\"doi\":\"10.1145/3551349.3559516\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Embedded systems are widely used for implementing diverse Internet-of-Things (IoT) applications. These applications often deal with secret/sensitive data and encryption keys which can potentially be leaked through timing side-channel analysis. Runtime-based timing side-channel attacks are performed by measuring the time a code takes to execute and using that information to extract sensitive data. Effectively detecting such vulnerabilities with high precision and low false positives is a challenging task due to the runtime dependence of software code on the underlying hardware. Effectively fixing such vulnerabilities with low overhead is also non-trivial due to the diverse nature of embedded systems. In this article, we propose an automatic runtime side channel vulnerability detection and mitigation framework that not only considers the software code but also use the underlying hardware architecture information to tune the framework for more accurate vulnerability detection and system-specific tailored mitigation.\",\"PeriodicalId\":197939,\"journal\":{\"name\":\"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering\",\"volume\":\"189 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3551349.3559516\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3551349.3559516","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

嵌入式系统被广泛用于实现各种物联网(IoT)应用。这些应用程序通常处理秘密/敏感数据和加密密钥，这些数据和密钥可能通过定时侧信道分析泄露。基于运行时的定时侧信道攻击是通过测量代码执行所需的时间并使用该信息提取敏感数据来执行的。由于软件代码在运行时依赖于底层硬件，因此以高精度和低误报的方式有效检测此类漏洞是一项具有挑战性的任务。由于嵌入式系统的多样性，以较低的开销有效地修复此类漏洞也很重要。在本文中，我们提出了一个自动运行时侧通道漏洞检测和缓解框架，该框架不仅考虑软件代码，还使用底层硬件架构信息对框架进行调优，以实现更准确的漏洞检测和针对系统的定制缓解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Automatic Software Timing Attack Evaluation & Mitigation on Clear Hardware Assumption

Embedded systems are widely used for implementing diverse Internet-of-Things (IoT) applications. These applications often deal with secret/sensitive data and encryption keys which can potentially be leaked through timing side-channel analysis. Runtime-based timing side-channel attacks are performed by measuring the time a code takes to execute and using that information to extract sensitive data. Effectively detecting such vulnerabilities with high precision and low false positives is a challenging task due to the runtime dependence of software code on the underlying hardware. Effectively fixing such vulnerabilities with low overhead is also non-trivial due to the diverse nature of embedded systems. In this article, we propose an automatic runtime side channel vulnerability detection and mitigation framework that not only considers the software code but also use the underlying hardware architecture information to tune the framework for more accurate vulnerability detection and system-specific tailored mitigation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering

自引率

0.00%

发文量