Symbolic Verification of Cache Side-channel Freedom
This addresses the security vulnerability of cache side-channel attacks for software developers and users, offering an automated solution to enhance program safety.
The paper tackles the problem of automatically verifying and patching programs against cache timing attacks, presenting the CACHEFIX framework that either verifies cache side-channel freedom or synthesizes patches, with evaluation showing it (dis)proves freedom in an average of 75 seconds and synthesizes patches within 20 minutes in most cases.
Cache timing attacks allow third-party observers to retrieve sensitive information from program executions. But, is it possible to automatically check the vulnerability of a program against cache timing attacks and then, automatically shield program executions against these attacks? For a given program, a cache configuration and an attack model, our CACHEFIX framework either verifies the cache side-channel freedom of the program or synthesizes a series of patches to ensure cache side-channel freedom during program execution. At the core of our framework is a novel symbolic verification technique based on automated abstraction refinement of cache semantics. The power of such a framework is to allow symbolic reasoning over counterexample traces and to combine it with runtime monitoring for eliminating cache side channels during program execution. Our evaluation with routines from OpenSSL, libfixedtimefixedpoint, GDK and FourQlib libraries reveals that our CACHEFIX approach (dis)proves cache sidechannel freedom within an average of 75 seconds. Besides, in all except one case, CACHEFIX synthesizes all patches within 20 minutes to ensure cache side-channel freedom of the respective routines during execution.