Detection and mitigation of JIT-induced side channels

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Cyber-attacks stealing confidential information are becoming increasingly frequent and devastating as modern software systems store and manipulate greater amounts of sensitive data. Leaking information about private user data, such as the financial and medical records of individuals, trade secrets of companies and military secrets of states can have drastic consequences. Confidentiality of such private data is critical for users of these systems. Many software development practices, such as the encryption of packages sent over a network, aim to protect the confidentiality of private data by ensuring that an observer is unable to learn anything meaningful about a program's secret input from its public output. Under these protections, the software system's main communication channels, such as the content of the network packets it sends, or the output it writes to a public file, should not leak information about the private data. However, many software systems still contain serious security vulnerabilities. Side channels are an important class of information leaks where secret information can be captured through the observation of non-functional side effects of software systems. Potential side channels include those in execution time, memory usage, size and timings of network packets, and power consumption. Although side-channel vulnerabilities due to hardware (such as vulnerabilities that exploit the cache behavior) have been extensively studied [1], [2], [10], [13], [15]-[17], [19], [23], software side channels have only recently become an active area of research, including recent results on software side-channel detection [4], [8], [11], [12], [18], [22], [24] and quantification [5], [20], [21], and my own work on a static analysis framework for detection of software side-channels called CoCo-Channel [8] and a constraint caching framework to accelerate side-channel quantification called Cashew [9].

Original language: English
Title of host publication: Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering
Subtitle of host publication: Companion Proceedings, ICSE-Companion 2020
Pages: 143-145
Number of pages: 3
ISBN (Electronic): 9781450371223
State: Published - 27 Jun 2020
Event: 42nd ACM/IEEE International Conference on Software Engineering, ICSE-Companion 2020 - Virtual, Online, Korea, Republic of
Duration: 27 Jun 2020 to 19 Jul 2020

Publication series

Name: Proceedings - International Conference on Software Engineering
ISSN (Print): 0270-5257

Conference

Conference: 42nd ACM/IEEE International Conference on Software Engineering, ICSE-Companion 2020
Country/Territory: Korea, Republic of
City: Virtual, Online
Period: 27/06/20 to 19/07/20
