ICSE 2020
Wed 24 June - Thu 16 July 2020
Thu 9 Jul 2020 00:36 - 00:48 at Baekje - P13-Security Chair(s): Joshua Garcia

The CPU cache is a limited but crucial storage area on modern processors, and the cache timing side channel can indirectly leak data through measurable timing variance. Speculative execution, a reason for the variance and a vital optimization in modern CPUs, can cause severe harm under deliberate branch mispredictions. Though static analysis can qualitatively verify the timing-leakage-free property under speculative execution, it is incapable of producing endorsements, including inputs and speculated flows, to diagnose leaks in depth. This work proposes a new approach, Speculative symbolic Execution, for precisely validating cache timing leaks introduced by speculative execution. Generally, given a program with sensitive inputs (leakage-free in non-speculative execution), our method systematically explores the program state space. Meanwhile, it models speculative behavior at conditional branches and accumulates the cache side effects along with subsequent execution. Based on the dynamic exploration and a specified cache model, we construct leak conditions for memory accesses and conduct a constraint-solving based cache behavior analysis to generate leak witnesses. We have implemented our method in a tool named SpecuSym on KLEE, and evaluated it against 14 open-source benchmarks. Experiments show that SpecuSym successfully identified leaks in 6 programs on four different caches and eliminated false positives in 2 programs reported by recent work.

Thu 9 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time

00:00 - 01:00: P13-Security, Paper Presentations / Technical Papers / Software Engineering in Practice, at Baekje
Chair(s): Joshua Garcia (University of California, Irvine)
00:00 - 00:12
Burn After Reading: A Shadow Stack with Microsecond-level Runtime Rerandomization for Protecting Return Addresses (Technical, Artifact Available)
Technical Papers
Changwei Zou (UNSW Sydney), Jingling Xue (UNSW Sydney)
00:12 - 00:24
Automated Identification of Libraries from Vulnerability Data (SEIP)
Software Engineering in Practice
Chen Yang (Veracode, Inc.), Andrew Santosa (Veracode, Inc.), Asankhaya Sharma (Veracode, Inc.), David Lo (Singapore Management University)
00:24 - 00:36
Unsuccessful Story about Few Shot Malware-Family Classification and Siamese Network to the Rescue (Technical)
Technical Papers
Yude Bai (Tianjin University), Zhenchang Xing (Australia National University), Li Xiaohong (TianJin University), Zhiyong Feng (Tianjin University), Duoyuan Ma (Tianjin University)
00:36 - 00:48
SpecuSym: Speculative Symbolic Execution for Cache Timing Leak Detection (Technical)
Technical Papers
Shengjian Guo (Baidu X-Lab), Yueqi Chen (The Pennsylvania State University), Peng Li (Baidu X-Lab), Yueqiang Cheng (Baidu Security), Huibo Wang (Baidu X-Lab), Meng Wu (Ant Financial), Zhiqiang Zuo (Nanjing University, China)
00:48 - 01:00
Building and Maintaining a Third-Party Library Supply Chain for Productive and Secure SGX Enclave Development (SEIP)
Software Engineering in Practice
Pei Wang (Baidu X-Lab), Yu Ding (Baidu X-Lab), Mingshen Sun (Baidu X-Lab), Huibo Wang (Baidu X-Lab), Tongxin Li (Baidu X-Lab), Rundong Zhou (Baidu X-Lab), Zhaofeng Chen, Yiming Jing (Baidu X-Lab)