ct-fuzz: Fuzzing for Timing Leaks
This addresses security vulnerabilities from side-channel leaks in software, particularly for cryptographic systems, representing a novel extension of fuzzing rather than an incremental improvement.
The authors tackled the problem of detecting information leaks, such as timing side channels, in complex software by extending testing-based methodologies to two-safety properties, resulting in the ct-fuzz tool that swiftly reveals timing leaks in cryptographic implementations.
Testing-based methodologies like fuzzing are able to analyze complex software which is not amenable to traditional formal approaches like verification, model checking, and abstract interpretation. Despite enormous success at exposing countless security vulnerabilities in many popular software projects, applications of testing-based approaches have mainly targeted checking traditional safety properties like memory safety. While unquestionably important, this class of properties does not precisely characterize other important security aspects such as information leakage, e.g., through side channels. In this work we extend testing-based software analysis methodologies to two-safety properties, which enables the precise discovery of information leaks in complex software. In particular, we present the ct-fuzz tool, which lends coverage-guided greybox fuzzers the ability to detect two-safety property violations. Our approach is capable of exposing violations to any two-safety property expressed as equality between two program traces. Empirically, we demonstrate that ct-fuzz swiftly reveals timing leaks in popular cryptographic implementations.