Name
Abstract | ||
|---|---|---|
ABSTRACTObservational models enable the analysis of information flow properties against side channels. Relational testing has been used to validate the soundness of these models by measuring the side channel on states that the model considers indistinguishable. However, unguided search can generate test states that are too similar to each other to invalidate the model. To address this we introduce observation refinement, a technique to guide the exploration of the state space to focus on hardware features of interest. We refine observational models to include fine-grained observations that characterize behavior that we want to exclude. States that yield equivalent refined observations are then ruled out, reducing the size of the space. We have extended an existing model validation framework, Scam-V, to support refinement. We have evaluated the usefulness of refinement for search guidance by analyzing cache coloring and speculative leakage in the ARMv8-A architecture. As a surprising result, we have exposed SiSCLoak, a new vulnerability linked to speculative execution in Cortex-A53. |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1145/3466752.3480130 | Microarchitecture |
DocType | Citations | PageRank |
Conference | 0 | 0.34 |
References | Authors | |
0 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Pablo Buiras | 1 | 0 | 0.34 |
| Hamed Nemati | 2 | 51 | 4.38 |
| Andreas Lindner | 3 | 0 | 0.34 |
| Roberto Guanciale | 4 | 54 | 5.05 |