UC Santa Barbara

Software side-channel attacks are able to recover confidential information by observing non-functional computation characteristics of program execution such as elapsed time, amount of allocated memory, or network packet size. The ability to automatically determine the amount of information that a malicious user can gain through side-channel observations allows one to quantitatively assess the security of an application. Since most software that accesses confidential information leaks some amount of information through side channels, it is important to quantify the amount of leakage in order to detect vulnerabilities. In addition, one can prove that a program is vulnerable to side-channel attacks by synthesizing attacks that recover confidential information.

In this dissertation, I provide methods for (1) quantifying side-channel vulnerabilities and (2) synthesizing adaptive side-channel attack steps.

My approaches advance the state-of-the-art in automatic software side-channel analysis which I summarize as follows.

I make use of symbolic execution to extract program constraints that characterize the

relationship between secret information, the inputs of a malicious user, and observable program behaviors. By applying model counting constraint solving to these constraints, I compute probabilistic relationships among secrets, attacker inputs, and attacker side-channel observations. These probabilities are used to quantify information leakage for a program by applying methods from the field of quantitative information flow. Moreover, by automatically generating a symbolic expression that quantifies information leakage, I am able to perform numeric maximization over attacker inputs to synthesize optimal attack steps. The sequence of attack steps serves as a proof of exploitability. I give two different automatic attack synthesis techniques: a fully static approach and an online dynamic approach that constructs an attack that takes into account system noise and is able to execute the attack through the network. I demonstrate the effectiveness of my approaches on a set of experimental benchmarks.