Efficient Symbolic Execution of Concurrent Software

Guo, Shengjian

26 April 2019

Concurrent software has been widely utilizing in computer systems owing to the highly efficient computation. However, testing and verifying concurrent software remain challenging tasks. This matter is not only because of the non-deterministic thread interferences which are hard to reason about but also because of the large state space due to the simultaneous path and interleaving explosions. That is, the number of program paths in each thread may be exponential in the number of branch conditions, and also, the number of thread interleavings may be exponential in the number of concurrent operations. This dissertation presents a set of new methods, built upon symbolic execution, a program analysis technique that systematically explores program state space, for testing concurrent programs. By modeling both functional and non-functional properties of the programs as assertions, these new methods efficiently analyze the viable behaviors of the given concurrent programs. The first method is assertion guided symbolic execution, a state space reduction technique that identifies and eliminates redundant executions w.r.t the explored interleavings. The second method is incremental symbolic execution, which generates test inputs only for the influenced program behaviors by the small code changes between two program versions. The third method is SYMPLC, a technique with domain-specific reduction strategies for generating tests for the multitasking Programmable Logic Controller (PLC) programs written in languages specified by the IEC 61131-3 standard. The last method is adversarial symbolic execution, a technique for detecting concurrency related side-channel information leaks by analyzing the cache timing behaviors of a concurrent program in symbolic execution. This dissertation evaluates the proposed methods on a diverse set of both synthesized programs and real-world applications. The experimental results show that these techniques can significantly outperform state-of-the-art symbolic execution tools for concurrent software. / Doctor of Philosophy / Software testing is a technique that runs software as a black-box on computer hardware multiple times, with different inputs per run, to test if the software behavior conforms to the designed functionality by developers. Nowadays, programmers have been increasingly developing multithreaded and multitasking software, e.g., web browser and web server, to utilize the highly efficient multiprocessor hardware. This approach significantly improves the software performance since a large computing job can now decompose to a set of small jobs which can then distribute to concurrently running threads (tasks). However, testing multithreaded (multitask) software is extremely challenging. The most critical problem is the inherent non-determinism. Typically, executing sequential software with the same input data always results in the same output. However, running a multithreaded (multitask) software multiple times, even under the same input data, may yield different output in each run. The root reason is that concurrent threads (tasks) may interleave their running progress at any time; thus the internal software execution order may be altered unexpectedly, causing runtime errors. Meanwhile, finding such faults is difficult, since the number of all possible interleavings can be exponentially growing in the number of concurrent thread (task) operations. This dissertation proposes four methods to test multithreaded/multitask software efficiently. The first method summarizes the already-tested program behaviors to avoid future testing runs that cannot lead to new faults. The second method only tests program behaviors that are impacted by program changes. The third method tests multitask Programmable Logic Controller (PLC) programs by excluding infeasible testing runs w.r.t the PLC semantics. The last method tests non-functional program properties by systematic concurrency analysis. This dissertation evaluates these methods upon a diverse set of benchmarks. The experimental results show that the proposed methods significantly outperform state-of-the-art techniques for concurrent software analysis.

Symbolic Execution

Concurrency

Predicate summary

Change impact analysis

Programmable logic controller

Side-channel leak

Algorithms and Frameworks for Accelerating Security Applications on HPC Platforms

Yu, Xiaodong

09 September 2019

Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for real-world deployment. Straightforward mappings of cybersecurity applications onto HPC platforms may significantly underutilize the HPC devices' capacities. On the other hand, the sophisticated implementations are quite difficult: they require both in-depth understandings of cybersecurity domain-specific characteristics and HPC architecture and system model. In our work, we investigate three sub-areas in cybersecurity, including mobile software security, network security, and system security. They have the following performance issues, respectively: 1) The flow- and context-sensitive static analysis for the large and complex Android APKs are incredibly time-consuming. Existing CPU-only frameworks/tools have to set a timeout threshold to cease the program analysis to trade the precision for performance. 2) Network intrusion detection systems (NIDS) use automata processing as its searching core and requires line-speed processing. However, achieving high-speed automata processing is exceptionally difficult in both algorithm and implementation aspects. 3) It is unclear how the cache configurations impact time-driven cache side-channel attacks' performance. This question remains open because it is difficult to conduct comparative measurement to study the impacts. In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize implementations on various types of HPC for faster and more scalable cybersecurity executions. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the plain GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of Micron's Automata Processor. To study the cache configurations' impact on time-driven cache side-channel attacks' performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache. / Doctor of Philosophy / Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for the real-world deployment. Straightforward mappings of applications onto High-Performance Computing (HPC) platforms may significantly underutilize the HPC devices’ capacities. In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize various types of HPC executions for cybersecurity. We investigate several sub-areas, including mobile software security, network security, and system security. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the unoptimized GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of HPC programming. To study the cache configurations’ impact on time-driven cache side-channel attacks’ performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache.

Cybersecurity

HPC

GPU

Intrusion Detection

Automata Processor

Android Program Analysis

Cache Side-Channel Attack

Analysis and Enforcement of Properties in Software Systems

Wu, Meng

02 July 2019

Due to the lack of effective techniques for detecting and mitigating property violations, existing approaches to ensure the safety and security of software systems are often labor intensive and error prone. Furthermore, they focus primarily on functional correctness of the software code while ignoring micro-architectural details of the underlying processor, such as cache and speculative execution, which may undermine their soundness guarantees. To fill the gap, I propose a set of new methods and tools for ensuring the safety and security of software systems. Broadly speaking, these methods and tools fall into three categories. The first category is concerned with static program analysis. Specifically, I develop a novel abstract interpretation framework that considers both speculative execution and a cache model, and guarantees to be sound for estimating the execution time of a program and detecting side-channel information leaks. The second category is concerned with static program transformation. The goal is to eliminate side channels by equalizing the number of CPU cycles and the number of cache misses along all program paths for all sensitive variables. The third category is concerned with runtime safety enforcement. Given a property that may be violated by a reactive system, the goal is to synthesize an enforcer, called the shield, to correct the erroneous behaviors of the system instantaneously, so that the property is always satisfied by the combined system. I develop techniques to make the shield practical by handling both burst error and real-valued signals. The proposed techniques have been implemented and evaluated on realistic applications to demonstrate their effectiveness and efficiency. / Doctor of Philosophy / It is important for everything around us to follow some rules to work correctly. That is the same for our software systems to follow the security and safety properties. Especially, softwares may leak information via unexpected ways, e.g. the program timing, which makes it more difficult to be detected or mitigated. For instance, if the execution time of a program is related to the sensitive value, the attacker may obtain information about the sensitive value. On the other side, due to the complexity of software, it is nearly impossible to fully test or verify them. However, the correctness of software systems at runtime is crucial for critical applications. While existing approaches to find or resolve properties violation problem are often labor intensive and error prone, in this dissertation, I first propose an automated tool for detecting and mitigating the security vulnerability through program timing. Programs processed by the tool are guaranteed to be time constant under any sensitive values. I have also taken the influence of speculative execution, which is the cause behind recent Spectre and Meltdown attack, into consideration for the first time. To enforce the correctness of programs at runtime, I introduce an extra component that can be attached to the original system to correct any violation if it happens, thus the entire system will still be correct. All proposed methods have been evaluated on a variety of real world applications. The results show that these methods are effective and efficient in practice.

Shield Synthesis

Program Analysis

Timing Side Channel

Cache Timing Leak

Speculative Execution

Abstract Interpretation

Architecture Support for Countermeasures against Side-Channel Analysis and Fault Attack

Kiaei, Pantea

January 2019

The cryptographic algorithms are designed to be mathematically secure; however, side-channel analysis attacks go beyond mathematics by taking measurements of the device’s electrical activity to reveal the secret data of a cipher. These attacks also go hand in hand with fault analysis techniques to disclose the secret key used in cryptographic ciphers with even fewer measurements. This is of practical concern due to the ubiquity of embedded systems that allow physical access to the adversary such as smart cards, ATMs, etc.. Researchers through the years have come up with techniques to block physical attacks to the hardware or make such attacks less likely to succeed. Most of the conducted research consider one or the other of side-channel analysis and fault injection attacks whereas, in a real setting, the adversary can simultaneously take advantage of both to retrieve the secret data with less effort. Furthermore, very little work considers a software implementation of these ciphers although, with the availability of small and affordable or free microarchitectures, and flexibility and simplicity of software implementations, it is at times more practical to have a software implementation of ciphers instead of dedicated hardware chips. In this project, we come up with a modular presentation, suitable for software implementation of ciphers, to allow having simultaneous resistance against side-channel and fault analysis attacks. We also present an extension at the microarchitecture level to make our proposed countermeasures more intact and efficient. / M.S. / Ciphers are algorithms designed by mathematicians. They protect data by encrypting them. In one of the main categories of these ciphers, called symmetric-key ciphers, a secret key is used to both encrypt and decrypt the data. Once the secret key of a cipher is retrieved, anyone can find the decoded data and thereby access the original data. Cryptographers traditionally sought to design ciphers in such a way that no adversary could reveal the secret key by finding holes in the algorithm. However, this has been shown insufficient for a specific implementation of a cryptographic algorithm to be considered as “unbreakable” since the physical properties of the implementation, can help an adversary find the secret key and break the encryption. Analyzing these physical properties can be either active; by making controlled changes in the normal progress of its execution, or passive; by merely measuring the physical properties during normal execution. Designers try to take these analyses into account when implementing a cryptographic function and so, in this project, we aim to present architectural support for a combination of some of the countermeasures.

Side-channel attacks

Fault attacks

Custom-instruction extensions

Bitslicing

Software countermeasures

Constraint Based Program Synthesis for Embedded Software

Eldib, Hassan Shoukry

30 July 2015

In the world that we live in today, we greatly rely on software in nearly every aspect of our lives. In many critical applications, such as in transportation and medical systems, catastrophic consequences could occur in case of buggy software. As the computational power and storage capacity of computer hardware keep increasing, so are the size and complexity of the software. This makes testing and verification increasingly challenging in practice, and consequentially creates a chance for software with critical bugs to find their way into the consumer market. In this dissertation, I present a set of innovative new methods for automatically verifying, as well as synthesizing, critical software and hardware in embedded computing applications. Based on a set of rigorous formal analysis techniques, my methods can guarantee that the resulting software are efficient and secure as well as provably correct. / Ph. D.

Program Synthesis

Formal Verification

Embedded Software

Security

Cryptography

Side-Channel Attacks and Countermeasures

SCA-Resistant and High-Performance Embedded Cryptography Using Instruction Set Extensions and Multi-Core Processors

Chen, Zhimin

28 July 2011

Nowadays, we use embedded electronic devices in almost every aspect of our daily lives. They represent our electronic identity; they store private information; they monitor health status; they do confidential communications, and so on. All these applications rely on cryptography and, therefore, present us a research objective: how to implement cryptography on embedded systems in a trustworthy and efficient manner. Implementing embedded cryptography faces two challenges - constrained resources and physical attacks. Due to low cost constraints and power budget constraints, embedded devices are not able to use high-end processors. They cannot run at extremely high frequencies either. Since most embedded devices are portable and deployed in the field, attackers are able to get physical access and to mount attacks as they want. For example, the power dissipation, electromagnetic radiation, and execution time of embedded cryptography enable Side-Channel Attacks (SCAs), which can break cryptographic implementations in a very short time with a quite low cost. In this dissertation, we propose solutions to efficient implementation of SCA-resistant and high-performance cryptographic software on embedded systems. These solutions make use of two state-of-the-art architectures of embedded processors: instruction set extensions and multi-core architectures. We show that, with proper processor micro-architecture design and suitable software programming, we are able to deliver SCA-resistant software which performs well in security, performance, and cost. In comparison, related solutions have either high hardware cost or poor performance or low attack resistance. Therefore, our solutions are more practical and see a promising future in commercial products. Another contribution of our research is the proper partitioning of the Montgomery multiplication over multi-core processors. Our solution is scalable over multiple cores, achieving almost linear speedup with a high tolerance to inter-core communication delays. We expect our contributions to serve as solid building blocks that support secure and high-performance embedded systems. / Ph. D.

embedded systems

embedded security

virtual secure circuit

cryptography

pSHS

side-channel attack

parallel Montgomery multiplication

Side-Channel Attacks on Encrypted 5G/4G Voice Calls

Shaan Shekhar (18463575)

01 May 2024

<p dir="ltr">5G/4G voice calls are encrypted for the purpose of confidentiality, secrecy and privacy. Although protected by well-examined security measures we unveil several vulnerabilities previously unreported in the 5G/4G voice calls that unintentionally leak 5G/4G call state information despite encryption protection and device proof of concept attacks in this thesis. Unlike existing attacks, these new attacks are significantly more threatening because they are completely contactless without requiring any malware, access or compromise on the victim's phones, the 5G/4G network and the other call party. Instead, the attacker only needs to deploy a radio sniffer to eavesdrop on 5G/4G communication and infer confidential call information.</p><p dir="ltr">Interestingly, such confidentiality breaches are technically feasible due to recent 5G/4G call enhancement technologies standardized in the 3GPP specifications and adopted by mobile network operators. While effective in enhancing 5G/4G call quality and efficiency, they, unfortunately, expose extra call information, which can be exploited to infer call states and launch side-channel attacks precisely. Another major contributor to this attack is the IVR technology, which uses a computer-operated telephone system to help companies answer customer calls. In this thesis, we focus on snooping Pay-over-the-Phone transactions done over IVR calls and optionally inferring the company involved in the transaction. The attacks exploit technologies designed to enhance the call quality and efficiency and develop several attack modules to (1) detect voice calls over encrypted 5G/4G traffic, (2) infer the use of IVR over limited call information leaked in the air, and (3) spy on sensitive payment transactions in real-time. We have implemented this proof-of-concept attack using an SDR-based sniffer only. We have validated its effectiveness and assessed damages in various experiments with 5G operators in the US. Lastly, we have discussed the lessons learned from the attacks and the future work that can be done to improve the efficiency of the attacks and make them more threatening.</p>

System and network security

Voice Call Security

Phone Call Security

Side Channel Attacks

Inference Attacks

A Physical Hash for Preventing and Detecting Cyber-Physical Attacks in Additive Manufacturing Systems

Brandman, Joshua Erich

22 June 2017

This thesis proposes a new method for detecting malicious cyber-physical attacks on additive manufacturing (AM) systems. The method makes use of a physical hash, which links digital data to the manufactured part via a disconnected side-channel measurement system. The disconnection ensures that if the network and/or AM system become compromised, the manufacturer can still rely on the measurement system for attack detection. The physical hash takes the form of a QR code that contains a hash string of the nominal process parameters and toolpath. It is manufactured alongside the original geometry for the measurement system to scan and compare to the readings from its sensor suite. By taking measurements in situ, the measurement system can detect in real-time if the part being manufactured matches the designer's specification. A proof-of-concept validation was realized on a material extrusion machine. The implementation was successful and demonstrated the ability of this method to detect the existence (and absence) of malicious attacks on both process parameters and the toolpath. A case study for detecting changes to the toolpath is also presented, which uses a simple measurement of how long each layer takes to build. Given benchmark readings from a 30x30 mm square layer created on a material extrusion system, several modifications were able to be detected. The machine's repeatability and measurement technique's accuracy resulted in the detection of a 1 mm internal void, a 2 mm scaling attack, and a 1 mm skewing attack. Additionally, for a short to moderate length build of an impeller model, it was possible to detect a 0.25 mm change in the fin base thickness. A second case study is also presented wherein dogbone tensile test coupons were manufactured on a material extrusion system at different extrusion temperatures. This process parameter is an example of a setting that can be maliciously modified and have an effect on the final part strength without the operator's knowledge. The performance characteristics (Young's modulus and maximum stress) were determined to be statistically different at different extrusion temperatures (235 and 270 °C). / Master of Science / Additive Manufacturing (AM, also known as 3D printing) machines are cyber-physical systems and are therefore vulnerable to malicious attacks that can cause physical damage to the parts being manufactured or even to the machine itself. This thesis proposes a new method for detecting that an AM system has been hacked. Attacks are identified via a series of measurements taken by a measurement system that is disconnected from the main network. The disconnection ensures that if the network and/or AM system are hacked, the manufacturer can still rely on the measurement system for attack detection. The proposed method uses a physical hash to transfer information to the disconnected measurement system. This physical hash takes the form of a QR code and stores in it the nominal process parameters and toolpath of the build. It is manufactured alongside the original geometry for the measurement system to scan and compare to the readings from its sensor suite. By taking measurements in real-time, the measurement system can detect if the part being manufactured matches the designer’s specification. A proof-of-concept of the proposed method was realized on a common AM system. The implementation was successful and demonstrated the ability of this method to detect the existence of a malicious attack. A case study for detecting changes to the toolpath is also proposed using the simple measurement of how long each layer takes to build. Given benchmark readings of a part manufactured on the same technology as the proof-of-concept implementation, several modifications were able to be detected. The attack types tested were the insertion of an internal void, scaling the part, and skewing the part. A second case study is also presented where components were manufactured at different extrusion temperatures. By measuring the force required to break the parts, it was determined that temperature has an effect on the final part strength. This confirmed that malicious attacks targeting extrusion temperature are a plausible threat, and that the parameter should be measured in the proposed system.

additive manufacturing

3D printing

cyber-physical security

physical hash

in situ monitoring

side-channel measurement

Moderní kryptoanalýza / Modern cryptanalysis

Petřík, Tomáš

January 2011

Issues of this thesis are focused on side-channel cryptanalysis. Particularly attention is paid to differential power analysis, when is simulated an attack on the cryptographic module for different conditions and for different structural features of this module. As the cryptographic module is used a PIC microcontroller, which is operating with AES symmetric encryption algorithm. For this purpose, a design of experimental printed circuit board was created. Then, this PCB was equipped only with the necessary components for the function of the cryptographic module. Cryptanalysis is aimed on current consumption of crypto module that is caused by execution of AddRoundKey instructions. Power consumption of PIC microcontroller is measured in depending on the size of power supply voltage, size of serial resistor, size of bypass capacitor, and this thesis also examines the influence of ambient temperature on power consumption of PIC. The measured values are graphically presented and then discussed.

Studie turbiny s vířivým oběžným kolem / Study of turbine with side channel runner

Jandourek, Pavel

January 2012

This thesis deals with proposal of constructional solving turbine with side channel. Basis for the design is lossy characteristics of the valve. The intention is to replace hydraulic closures by turbine with side channel runner. Hydraulic losses in the flow restriction in turn replaced by the electricity generation in the comparable characteristics of valve and turbine.