Inferring Secrets by Guided Experiments

Do, Quoc Huy; Bubel, Richard; Hähnle, Reiner

doi:10.1007/978-3-319-67729-3_16

Inferring Secrets by Guided Experiments

Quoc Huy Do¹⁵,
Richard Bubel¹⁵ &
Reiner Hähnle¹⁵

Conference paper
First Online: 17 September 2017

530 Accesses
1 Citations

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 10580)

Abstract

A program has secure information flow if it does not leak any secret information to publicly observable output. A large number of static and dynamic analyses have been devised to check programs for secure information flow. In this paper, we present an algorithm that can carry out a systematic and efficient attack to automatically extract secrets from an insecure program. The algorithm combines static analysis and dynamic execution. The attacker strategy learns from past experiments and chooses as its next attack one that promises maximal knowledge gain about the secret. The idea is to provide the software developer with concrete information about the severity of an information leakage.

Keywords

Information flow
Symbolic execution
Static analysis

This is a preview of subscription content, access via your institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 59.99; Price excludes VAT (USA)

Softcover Book: USD 79.99; Price excludes VAT (USA)

Learn about institutional subscriptions

Notes

1.
www.coin-or.org/Bonmin and projects.coin-or.org/Couenne.

References

Alvim, M., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: 2012 IEEE 25th Computer Security Foundations Symposium (CSF), pp. 265–279, June 2012
Google Scholar
Alvim, M.S., Scedrov, A., Schneider, F.B.: When not all bits are equal: worth-based information flow. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 120–139. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54792-8_7
CrossRef Google Scholar
Backes, M., Kopf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: 30th Symposium on Security and Privacy, pp. 141–153 (2009)
Google Scholar
Benoist, T., Estellon, B., Gardi, F., Megel, R., Nouioua, K.: Localsolver 1.x: a black-box local-search solver for 0–1 programming. 4OR 9, 299–316 (2011)
MathSciNet CrossRef MATH Google Scholar
Clark, D., Hunt, S., Malacaria, P.: A static analysis for quantifying information flow in a simple imperative language. J. Comput. Secur. 15(3), 321–371 (2007)
CrossRef Google Scholar
Clarkson, M.R., Myers, A.C., Schneider, F.B.: Quantifying information flow with beliefs. J. Comput. Secur. 17(5), 655–701 (2009)
CrossRef Google Scholar
Darvas, Á., Hähnle, R., Sands, D.: A theorem proving approach to analysis of secure information flow. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 193–209. Springer, Heidelberg (2005). doi:10.1007/978-3-540-32004-3_20
CrossRef Google Scholar
Do, Q.H., Bubel, R., Hähnle, R.: Exploit generation for information flow leaks in object-oriented programs. In: Federrath, H., Gollmann, D. (eds.) ICT Systems Security and Privacy Protection. IFIPAICT, vol. 455. Springer, Cham (2015). doi:10.1007/978-3-319-18467-8_27
CrossRef Google Scholar
Do, Q.H., Bubel, R., Hähnle, R.: Inferring secrets by guided experiments. Technical report, TU Darmstadt (2017)
Google Scholar
Gay, D.M.: The AMPL modeling language: an aid to formulating and solving optimization problems. In: Al-Baali, M., Grandinetti, L., Purnama, A. (eds.) Numerical Analysis and Optimization. PROMS, vol. 134. Springer, Cham (2015). doi:10.1007/978-3-319-17689-5_5
CrossRef Google Scholar
Hentschel, M., Hähnle, R., Bubel, R.: Visualizing unbounded symbolic execution. In: Seidl, M., Tillmann, N. (eds.) TAP 2014. LNCS, vol. 8570, pp. 82–98. Springer, Cham (2014). doi:10.1007/978-3-319-09099-3_7
Google Scholar
Heusser, J., Malacaria, P.: Quantifying information leaks in software. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 261–269. ACM (2010)
Google Scholar
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)
MathSciNet CrossRef MATH Google Scholar
Klebanov, V.: Precise quantitative information flow analysis–a symbolic approach. Theor. Comput. Sci. 538, 124–139 (2014)
MathSciNet CrossRef MATH Google Scholar
Köpf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 286–296. ACM (2007)
Google Scholar
Malacaria, P., Chen, H.: Lagrange multipliers and maximum information leakage in different observational models. In: Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, pp. 135–146. ACM (2008)
Google Scholar
Meng, Z., Smith, G.: Calculating bounds on information leakage using two-bit patterns. In: Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages, Analysis for Security, PLAS 2011, pp. 1:1–1:12. ACM (2011)
Google Scholar
Ngo, T.M., Huisman, M.: Quantitative security analysis for programs with low input and noisy output. In: Jürjens, J., Piessens, F., Bielova, N. (eds.) ESSoS 2014. LNCS, vol. 8364, pp. 77–94. Springer, Cham (2014). doi:10.1007/978-3-319-04897-0_6
CrossRef Google Scholar
Pasareanu, C.S., Phan, Q., Malacaria, P.: Multi-run side-channel analysis using symbolic execution and Max-SMT. In: IEEE 29th Computer Security Foundations Symposium, CSF 2016, pp. 387–400. IEEE Computer Society (2016)
Google Scholar
Phan, Q.-S., Malacaria, P., Tkachuk, O., Păsăreanu, C.S.: Symbolic quantitative information flow. SIGSOFT Softw. Eng. Notes 37(6), 1–5 (2012)
CrossRef Google Scholar
Robling Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Boston (1982)
MATH Google Scholar
Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)
CrossRef Google Scholar
Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00596-1_21
CrossRef Google Scholar
Verdoolaege, S., Seghir, R., Beyls, K., Loechner, V., Bruynooghe, M.: Counting integer points in parametric polytopes using Barvinok’s rational functions. Algorithmica 48(1), 37–66 (2007)
MathSciNet CrossRef MATH Google Scholar
Yasuoka, H., Terauchi, T.: On bounding problems of quantitative information flow. J. Comput. Secur. 19(6), 1029–1082 (2011)
CrossRef Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, TU Darmstadt, Darmstadt, Germany
Quoc Huy Do, Richard Bubel & Reiner Hähnle

Authors

Quoc Huy Do
View author publications
You can also search for this author in PubMed Google Scholar
Richard Bubel
View author publications
You can also search for this author in PubMed Google Scholar
Reiner Hähnle
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Quoc Huy Do .

Editor information

Editors and Affiliations

Vietnam National University, Hanoi, Vietnam
Dr. Dang Van Hung
University of New Mexico, Albuquerque, New Mexico, USA
Deepak Kapur

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Do, Q.H., Bubel, R., Hähnle, R. (2017). Inferring Secrets by Guided Experiments. In: Hung, D., Kapur, D. (eds) Theoretical Aspects of Computing – ICTAC 2017. ICTAC 2017. Lecture Notes in Computer Science(), vol 10580. Springer, Cham. https://doi.org/10.1007/978-3-319-67729-3_16

Download citation

DOI: https://doi.org/10.1007/978-3-319-67729-3_16
Published: 17 September 2017
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67728-6
Online ISBN: 978-3-319-67729-3
eBook Packages: Computer ScienceComputer Science (R0)