Parametric Timed Model Checking for Guaranteeing Timed Opacity

  • Étienne AndréEmail author
  • Jun Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11781)


Information leakage can have dramatic consequences on systems security. Among harmful information leaks, the timing information leakage is the ability for an attacker to deduce internal information depending on the system execution time. We address the following problem: given a timed system, synthesize the execution times for which one cannot deduce whether the system performed some secret behavior. We solve this problem in the setting of timed automata (TAs). We first provide a general solution, and then extend the problem to parametric TAs, by synthesizing internal timings making the TA secure. We study decidability, devise algorithms, and show that our method can also apply to program analysis.



We thank Sudipta Chattopadhyay for helpful suggestions, Jiaying Li for his help with preliminary model conversion, and a reviewer for suggesting Remark 1.


  1. 1.
    Abbasi, I.H., Lodhi, F.K., Kamboh, A.M., Hasan, O.: Formal verification of gate-level multiple side channel parameters to detect hardware Trojans. In: Artho, C., Ölveczky, P.C. (eds.) FTSCS 2016. CCIS, vol. 694, pp. 75–92. Springer, Cham (2017). Scholar
  2. 2.
    Alur, R., Dill, D.L.: A theory of timed automata. TCS 126(2), 183–235 (1994). Scholar
  3. 3.
    Alur, R., Henzinger, T.A., Vardi, M.Y.: Parametric real-time reasoning. In: Kosaraju, S.R., Johnson, D.S., Aggarwal, A. (eds.) STOC, pp. 592–601. ACM, New York (1993).
  4. 4.
    André, É.: What’s decidable about parametric timed automata? STTT 21(2), 203–219 (2019). Scholar
  5. 5.
    André, É., Chatain, T., Encrenaz, E., Fribourg, L.: An inverse method for parametric timed automata. IJFCS 20(5), 819–836 (2009). Scholar
  6. 6.
    André, É., Fribourg, L., Kühne, U., Soulat, R.: IMITATOR 2.5: a tool for analyzing robustness in scheduling problems. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 33–36. Springer, Heidelberg (2012). Scholar
  7. 7.
    Barbuti, R., Francesco, N.D., Santone, A., Tesei, L.: A notion of non-interference for timed automata. FI 51(1–2), 1–11 (2002)MathSciNetzbMATHGoogle Scholar
  8. 8.
    Benattar, G., Cassez, F., Lime, D., Roux, O.H.: Control and synthesis of non-interferent timed systems. Int. J. Control 88(2), 217–236 (2015). Scholar
  9. 9.
    Cassez, F.: The dark side of timed opacity. In: Park, J.H., Chen, H.-H., Atiquzzaman, M., Lee, C., Kim, T., Yeo, S.-S. (eds.) ISA 2009. LNCS, vol. 5576, pp. 21–30. Springer, Heidelberg (2009). Scholar
  10. 10.
    Chattopadhyay, S., Roychoudhury, A.: Scalable and precise refinement of cache timing analysis via model checking. In: RTSS, pp. 193–203 (2011).
  11. 11.
    Chu, D., Jaffar, J., Maghareh, R.: Precise cache timing analysis via symbolic execution. In: RTAS, pp. 293–304 (2016).
  12. 12.
    Doychev, G., Feld, D., Köpf, B., Mauborgne, L., Reineke, J.: Cacheaudit: a tool for the static analysis of cache side channels. In: King, S.T. (ed.) USENIX Security Symposium, pp. 431–446. USENIX Association (2013)Google Scholar
  13. 13.
    Gardey, G., Mullins, J., Roux, O.H.: Non-interference control synthesis for security timed automata. ENTCS 180(1), 35–53 (2007). Scholar
  14. 14.
    Hune, T., Romijn, J., Stoelinga, M., Vaandrager, F.W.: Linear parametric model checking of timed automata. JLAP 52–53, 183–220 (2002). Scholar
  15. 15.
    Jovanović, A., Lime, D., Roux, O.H.: Integer parameter synthesis for real-time systems. TSE 41(5), 445–461 (2015). Scholar
  16. 16.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  17. 17.
    Lv, M., Yi, W., Guan, N., Yu, G.: Combining abstract interpretation with model checking for timing analysis of multicore software. In: RTSS, pp. 339–349. IEEE Computer Society (2010).
  18. 18.
    Nielson, F., Nielson, H.R., Vasilikos, P.: Information flow for timed automata. In: Aceto, L., Bacci, G., Bacci, G., Ingólfsdóttir, A., Legay, A., Mardare, R. (eds.) Models, Algorithms, Logics and Tools. LNCS, vol. 10460, pp. 3–21. Springer, Cham (2017). Scholar
  19. 19.
    Vasilikos, P., Nielson, F., Nielson, H.R.: Secure information release in timed automata. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 28–52. Springer, Cham (2018). Scholar
  20. 20.
    Wang, C., Schaumont, P.: Security by compilation: an automated approach to comprehensive side-channel resistance. SIGLOG News 4(2), 76–89 (2017). Scholar
  21. 21.
    Wu, M., Guo, S., Schaumont, P., Wang, C.: Eliminating timing side-channel leaks using program repair. In: Tip, F., Bodden, E. (eds.) ISSTA, pp. 15–26. ACM (2018).
  22. 22.
    Zhang, J., Gao, P., Song, F., Wang, C.: SCInfer: refinement-based verification of software countermeasures against side-channel attacks. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10982, pp. 157–177. Springer, Cham (2018). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Université Paris 13, LIPN, CNRS, UMR 7030VilletaneuseFrance
  2. 2.JFLI, CNRSTokyoJapan
  3. 3.National Institute of InformaticsTokyoJapan
  4. 4.School of Information SystemsSingapore Management UniversitySingaporeSingapore

Personalised recommendations