CS 595C
Side Channel Analysis via Model Counting Constraint Solvers
Fall 2016
Description:
Since computers are used in every aspect of modern life, many software
systems have access to secret information such as financial and medical
records of individuals, trade secrets of companies and military secrets
of states. Confidentiality, a core computer security attribute, dictates
that, a program that manipulates secret information should not reveal
that information. This can be hard to achieve if an attacker is able
to observe different aspects of program behavior such as execution time
and memory usage. Side-channel attacks recover secret information from
programs by observing non-functional characteristics of program executions
such as time consumed, number of memory accessed or packets transmitted
over a network. In this seminar we will discuss automated techniques for
side-channel analysis. We will also discuss the use of model counting
constraint solvers for side channel analysis, in order to quantify the
amount of information leaked from the identified side channels.
Instructor:
Tevfik Bultan
Organizational Meeting time:
Monday, September 26, 3:00PM
Location: HFH 1152
Enrollment Code: 74559
Units: This will be a 2 unit seminar
Schedule and Presentations
- Week 1 (Monday, 9-26, 3:00pm at HFH 1132): Introduction & Overview
- Week 2 (Monday, 10-3, 4:00pm at HFH 1132): Fish Wang will present
(slides):
Timing Analysis of Keystrokes and Timing Attacks on SSH.
Dawn Xiaodong Song, David Wagner, Xuqing Tian.
- Week 3 (Thursday, 10-13, 11:00am at HFH 1152): Miroslav Gavrilov will present
(slides):
An information-theoretic model for adaptive side-channel attacks.
Boris Köpf, David Basin.
- Week 4 (Thursday, 10-20, 11:00am at HFH 1152): Tegan Brennan will present
(slides):
Measuring Information Leakage Using Generalized Gain Functions
Mario S. Alvim, Kostas Chatzikokolakis, Catuscia Palamidessi, Geoffrey Smith.
- Week 5 (Thursday, 10-27, 11:00am at HFH 1152): Lucas Bang will present:
String Analysis for Side Channels with Segmented Oracles.
Lucas Bang, Abdulbaki Aydin, Quoc-Sang Phan, Corina S. Pasareanu, and Tevfik Bultan.
- Week 6 (Thursday, 11-3, 11:00am at HFH 1152): Ismet Burak Kadron will present
(slides):
The good old Davis-Putnam procedure helps counting models.
Elazar Birnbaum, Eliezer L. Lozinskii.
- Week 7 (Thursday, 11-10, 11:00am at HFH 1152):
Sanjana Sahayaraj will present
(slides)
Quantifying information leaks in software.
Jonathan Heusser, Pasquale Malacaria.
- Week 8 (Thursday, 11-17, 11:00am at HFH 1152): Seemanta Saha will present:
Automatic Discovery and Quantification of Information Leaks.
Michael Backes, Boris Köpf, Andrey Rybalchenko.
- Week 9 (MONDAY, 11-21, 4:00pm at HFH 1152): William Eiers will present:
Approximate Probabilistic Inference via Word-Level Counting.
Supratik Chakraborty, Kuldeep S. Meel, Rakesh Mistry, Moshe Y. Vardi
- Week 10 (Thursday, 12-1, 11:00am at HFH 1152):
Xiaofei Du will present:
Speeding Up SMT-Based Quantitative Program Analysis.
Daniel J. Fremont and Sanjit A. Seshia.
Binhan Xu will present:
On the relation between Differential Privacy and
Quantitative Information Flow.
Mario S. Alvim, Miguel E. Andres.
Course Work
- Each student has to read all the papers that are presented every week and participate in the discussion.
- Each student will be asked to present one week:
- Please prepare slides for presenting the high level ideas.
Use the whiteboard for detailed discussions and examples.
Reading List
- Side Channel Analysis
-
Timing Analysis of Keystrokes and Timing Attacks on SSH.
Dawn Xiaodong Song, David Wagner, Xuqing Tian.
-
An information-theoretic model for adaptive side-channel attacks.
Boris Köpf, David Basin.
-
Automatically deriving information-theoretic bounds for adaptive side-channel attacks.
Boris Köpf, David Basin.
-
On the Foundations of Quantitative Information Flow.
Geoffrey Smith.
-
Automatic Discovery and Quantification of Information Leaks.
Michael Backes, Boris Köpf, Andrey Rybalchenko.
-
Quantitative Security Analysis for Programs with Low Input and Noisy Output.
Tri Minh Ngo, Marieke Huisman.
-
Quantitative information flow under generic leakage functions and adaptive adversaries
M. Boreale, Francesca Pampaloni.
-
Measuring Information Leakage Using Generalized Gain Functions
Mario S. Alvim, Kostas Chatzikokolakis, Catuscia Palamidessi, Geoffrey Smith.
-
Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT.
Corina S. Pasareanu, Quoc-Sang Phan, Pasquale Malacaria.
-
SMT-Based Verification of Software Countermeasures against Side-Channel Attacks.
Hassan Eldib, Chao Wang, Patrick Schaumont.
-
Assessing security threats of looping constructs.
Pasquale Malacaria.
-
A static analysis for quantifying information flow in a simple imperative language.
David Clark, Sebastian Hunt, Pasquale Malacaria.
Alternate link
-
Quantifying information leaks in software.
Jonathan Heusser, Pasquale Malacaria.
-
Symbolic quantitative information flow.
Quoc-Sang Phan, Pasquale Malacaria, Oksana Tkachuk, Corina S. Pasareanu.
-
On the relation between Differential Privacy and
Quantitative Information Flow.
Mario S. Alvim, Miguel E. Andres.
- Model Counting and SMT
-
Speeding Up SMT-Based Quantitative Program Analysis.
Daniel J. Fremont and Sanjit A. Seshia.
-
A Model Counter For Constraints Over Unbounded Strings.
Loi Luu, Shweta Shinde, Prateek Saxena.
-
The good old Davis-Putnam procedure helps counting models.
Elazar Birnbaum, Eliezer L. Lozinskii.
-
Satisfiability modulo counting: a new approach for analyzing privacy properties.
Matthew Fredrikson, Somesh Jha.
-
Symbolic Polytopes for Quantitative Interpolation and Verification.
Klaus v. Gleissenthall1, Boris Kopf, and Andrey Rybalchenko.
-
An Automata-Theoretic Algorithm for Counting Solutions to Presburger Formulas.
Erin Parker, Siddhartha Chatterjee.
-
Abstract model counting: a novel approach for quantification of information leaks.
Quoc-Sang Phan, Pasquale Malacaria.
-
A Polynomial Time Algorithm for Counting Integral Points in Polyhedra When the Dimension Is Fixed.
Alexander I. Barvinok.
-
Effective lattice point counting in rational convex polytopes.
Jesús A. De Loerab, Raymond Hemmeckeb, Jeremiah Tauzera, Ruriko Yoshidab.
-
Distribution-Aware Sampling and Weighted Model Counting for SAT.
Supratik Chakraborty, Daniel J. Fremont, Kuldeep S. Meel, Sanjit A. Seshia, Moshe Y. Vardi.
-
From Weighted to Unweighted Model Counting.
Supratik Chakraborty, Dror Fried, Kuldeep S. Meel, Moshe Y. Vardi.
-
Algorithmic Improvements in Approximate Counting for Probabilistic Inference: From Linear to Logarithmic SAT Calls
Supratik Chakraborty, Kuldeep S. Meel, Moshe Y. Vardi.
-
Approximate Probabilistic Inference via Word-Level Counting.
Supratik Chakraborty, Kuldeep S. Meel, Rakesh Mistry, Moshe Y. Vardi.