fuchsia data driven debugging for functional side channels
play

FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid - PowerPoint PPT Presentation

Jun 26, 2023 •108 likes •366 views

FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny, Ashutosh Trivedi *University of Colorado Boulder Functional Case Motivation Side Channels Studies Functional Case Motivation Side Channels

  1. FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny, Ashutosh Trivedi *University of Colorado Boulder

  2. Functional Case Motivation Side Channels Studies

  3. Functional Case Motivation Side Channels Studies

  4. https://www.eclipse.org/jetty/

  5. V1 … m m b a b b b b b c c c c c d d d d d e e e e e f f f f f m m m m m m m … y y y y y y p c c p c p p a a d d d d a e s e e e s e s f f f f f f m y p a s s 0.5 (s) 0.5 (s) 0.5 (s) 1.0 (s) 1.0 (s) 1.5 (s) V2 a b c d e m y p a s s a a b b c c d d e e f f 1.0 (s) 0.5 (s) 0.5 (s) ? V3 5

  6. - Time does not exist in the syntax or semantic - Large applications with dynamic features

  7. Data-Driven Di ff erential Debugging: Program Analysis + ML 7

  8. V3 jetty.security… jetty.security… StringEquals_bblock_5 StringEquals_bblock_106 jetty.security… jetty.security… StringEquals_bblock_5 StringEquals_bblock_106 Secret Guess password aa1234 password pa12cd password … Secret=‘pass’ mypass a1b2c3 Time Time Guess=‘a’ Guess=‘abcdefgh’ Guess=‘abcd’ Guess=‘abcde’ Guess=‘abc’ Guess=‘ab’ Guess=‘b’ mypass mypa … … Time Time Time Time Public Input (Guess) Public Input (Guess) Public Input (Guess) Public Input (Guess) Public Input (Guess) Public Input 8

  9. V3 jetty.security… jetty.security… StringEquals_bblock_5 StringEquals_bblock_106 jetty.security… jetty.security… StringEquals_bblock_5 StringEquals_bblock_106 Secret Guess password aa1234 password pa12cd password … Secret=‘pass’ mypass a1b2c3 Time Time Guess=‘a’ Guess=‘abcdefgh’ Guess=‘abcd’ Guess=‘abcde’ Guess=‘abc’ Guess=‘ab’ Guess=‘b’ mypass mypa … … Time Time Time Time Public Input (Guess) Public Input (Guess) Public Input (Guess) Public Input (Guess) Public Input (Guess) Public Input 9

  10. Functional Case Motivation Side Channels Studies

  11. Secret Input Secret Input Secret Input Secret Input Secret Input Output Output Output Output Output “1010” “1010” “1010” “110” 1025 24 5 5 3 “110” Public Input Public Input Public Input Public Input Public Input “1000” “101” “10” “1” “0” Time Time Time Time Time 40 32 4 2 2 Time secret = “1010” secret = “110” p1 p2 … pN Public Input 11

  12. Attacker’s Local Observations Attacker’s Remote Observations s%2=1 | s%2=0 Time (ms) Time (ms) s%2=1 s%2=1 6 6 5 5 4 4 s%2=0 s%2=0 3 3 2 2 1 1 p1 p2 … pN p1 p2 … pN Public Input Public Input s%2=0 s%2=1 s%2=1 Time (ms) Time (ms) 6 6 5 5 4 4 s%2=0 s%2=0 3 3 2 2 1 1 p1 p2 … pN p1 p2 … pN Public Input Public Input 12

  13. Point-wise Noninterference: Nilizadeh et al., ICSE’19 P1 P2 Time Time Public Input Public Input “011” “1010” “1010” “1111” “1111” “011” “0” “1” “011” “1111” Functional Noninterference: Tizpaz-Niari et al., NDSS’20 Time Time Public Input Public Input 13

  14. Clustering: Distinguishable Functional Observations

  15. dist ( f 0 , f 4 ) > ϵ f 20 f 8 f 4 Time Time f 0 p1 p2 … pN p1 p2 … pN Public Input Public Input ( f 0 , f 8 ) in the same cluster ! ( f 0 , f 20 ) in the same cluster ! ( f 0 , f 4 ) in the same cluster ! 15

  16. Classification: Root Cause of Timing Side Channels

  17. Secret Public “110” “0” “110” “1” Instrumented Program “110” “00” … … BasicBlock_13 Basic_Block_18 “0110” “0” “0110” “1” BasicBlock_13 Basic_Block_18 “0110” “00” … … Secret = “0110” Secret = “0110” Secret = “110” Secret = “110” BasicBlock_13 Basic_Block_18 BasicBlock_13 Basic_Block_18 Public 1 “01” 2 1 2 “111” 3 3 1 3 “1101” 1 4 4 4 … … … … min(3,y) 1 * y min(4,y) 1 * y 17

  18. Secret Public “110” “0” “110” “1” Instrumented Program “110” “00” … … BasicBlock_13 Basic_Block_18 “0110” “0” “0110” “1” BasicBlock_13 Basic_Block_18 “0110” “00” … … Secret = “0110” Secret = “0110” Secret = “110” Secret = “110” Secret Basic_Block_18 BasicBlock_13 … Label BasicBlock_13 Basic_Block_18 BasicBlock_13 Basic_Block_18 “1” min(1,y) y … Public “10” min(2,y) y … 1 “01” 2 1 2 “110” min(3,y) y … “111” 3 3 1 3 “1101” “1101” min(4,y) y … 1 4 4 4 “0110” min(4,y) y … … … … … …. … … … min(3,y) 1 * y min(4,y) 1 * y 18

  19. Functional Case Motivation Side Channels Studies

  20. Regular Expressions in Java (#Methods: 620)

  21. Regex Library java.util.regex.Pattern. java.util.regex.Patter call_bblock_10 n. Slice_bblock_3964 java.util.regex.Pattern. java.util.regex.Patter call_bblock_10 n. Slice_bblock_3964 Secret Guess “abc123” “aa123” “abc123” “mypa" “abc123” … “mypass” “aa123” “mypass” “mypa” Time (micro-s) Time (micro-s) … … Public Input Public Input 21

  22. Regex Library java.util.regex.Pattern. java.util.regex.Patter call_bblock_10 n. Slice_bblock_3964 java.util.regex.Pattern. java.util.regex.Patter call_bblock_10 n. Slice_bblock_3964 Secret Guess “abc123” “aa123” “abc123” “mypa" “abc123” … “mypass” “aa123” “mypass” “mypa” Time (micro-s) Time (micro-s) … … Public Input Public Input 22

  23. iControl-SOAP (User Credential) #Method: 41,541 Java X (Crypto) #Method: 63 SnapBuddy (Social Network) #Method: 3,071 Stegosaurus (Message Service) #Method: 273

  24. Thank you for your attention! Saeid.Tizpazniari@colorado.edu

Recommend

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

978 views • 42 slides
Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

1.24k views • 102 slides
Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert

689 views • 32 slides
Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurlien Francillon Whats this all about? - A nov novel attack ex exploiting g EM side

886 views • 77 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
Part I: Functional Programming A pure functional program consists of data, functions, and an

Part I: Functional Programming A pure functional program consists of data, functions, and an

Part I: Functional Programming A pure functional program consists of data, functions, and an expression which describes a result. Missing: variables, assignment, side-effects. A processor of a functional program is essentially a

833 views • 36 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides
Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races

Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races CS 563 Young Li 10/31/18 Intel Software Guard eXtensions (SGX) and Hyper-Threading What is Intel SGX? Set of CPU instructions Present in

718 views • 44 slides
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj Somorovsky Ruhr University Bochum 3curity GmbH juraj.somorovsky@3curity.de About me Security Researcher at: Chair for Network and Data Security,

818 views • 53 slides
CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Side-channel attacks You saw before how timing

1.37k views • 81 slides
Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Co-residency side-channel attacks in clouds Stealing secrets (e.g., keys) VM VM VM Machine Machine Many

1.03k views • 69 slides
Cognitive Asessment for the Determination of Mental Residual Functional Capacity David J.

Cognitive Asessment for the Determination of Mental Residual Functional Capacity David J.

Cognitive Asessment for the Determination of Mental Residual Functional Capacity David J. Schretlen, PhD OIDAP Meeting April 29, 2009 Person-Side Job-Side Abstract/ Hypothetical Level 5 Mental/ Interpersonal/ Things Data People

669 views • 47 slides
CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir Pennsylvania State University Cache Side Channels Process Data CPU Cache Program Side

390 views • 20 slides
Loose Ends: Side Channels, Government Surveillance & Targeted

Loose Ends: Side Channels, Government Surveillance & Targeted

CSE 484 / CSE M 584: Computer Security and Privacy Loose Ends: Side Channels, Government Surveillance & Targeted Attacks Spring 2015 Franziska

622 views • 27 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
tidyfun : Tidy Functional Data A new framework for working with functional data in R Fabian Scheipl

tidyfun : Tidy Functional Data A new framework for working with functional data in R Fabian Scheipl

tidyfun : Tidy Functional Data A new framework for working with functional data in R Fabian Scheipl 1 Jeff Goldsmith 2 1 : Dept. of Statistics, LMU Munich 2 : Columbia University Mailman School of Public Health Functional Data Painful to work with:

969 views • 61 slides
15-388/688 - Practical Data Science: Debugging data science J. Zico Kolter School of Computer

15-388/688 - Practical Data Science: Debugging data science J. Zico Kolter School of Computer

15-388/688 - Practical Data Science: Debugging data science J. Zico Kolter School of Computer Science Fall 2019 1 Outline Data science debugging vs. traditional debugging Step 1: determine if your problem is impossible Step 2a: What to do

325 views • 28 slides
1 Data-dr Data-driven philosophy n philosophy Data-dr Data-driven: push n: push 7 8

1 Data-dr Data-driven philosophy n philosophy Data-dr Data-driven: push n: push 7 8

What What is is a a senso sensor network? network? 2 Tiny, untethered nodes with severe resource constraints Sensors, e.g., light, moisture, Tiny CPU and memory Da Data ta-Driven Pr -Driven Proc ocessing essing

177 views • 7 slides
Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Chapter 15 Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and set values in memory Execute portions of program Stop execution when (and where) desired Want debugging tools to operate on

274 views • 9 slides
Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R. Crandall University of New Mexico, USA How do you measure something? Interact directly T ake samples Multiple tests 2 Problem How

533 views • 26 slides
Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

CSE 127: Computer Security Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John Mitchell, Dan Boneh, and Stefan Savage Today Lecture objectives: Understand basic principles for building secure systems

1.08k views • 78 slides
Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder 1 st paper review due midnight on 09/27 (before the next lecture) You will receive an invitation from HotCRP

1.46k views • 78 slides
Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder 1 st paper review due midnight on 09/27 (before the next lecture) You will receive an invitation from HotCRP

561 views • 27 slides
Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Welcome to Advanced .NET Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production Challenges in debugging Production issues Production Environment Debugging Timeline Tools for .NET Debugging Review 3

622 views • 47 slides

More recommend