English

Quantifying the Information Leak in Cache Attacks through Symbolic Execution

Cryptography and Security 2016-11-15 v1

Abstract

Cache timing attacks allow attackers to infer the properties of a secret execution by observing cache hits and misses. But how much information can actually leak through such attacks? For a given program, a cache model, and an input, our CHALICE framework leverages symbolic execution to compute the amount of information that can possibly leak through cache attacks. At the core of CHALICE is a novel approach to quantify information leak that can highlight critical cache side-channel leaks on arbitrary binary code. In our evaluation on real-world programs from OpenSSL and Linux GDK libraries, CHALICE effectively quantifies information leaks: For an AES-128 implementation on Linux, for instance, CHALICE finds that a cache attack can leak as much as 127 out of 128 bits of the encryption key.

Keywords

Cite

@article{arxiv.1611.04426,
  title  = {Quantifying the Information Leak in Cache Attacks through Symbolic Execution},
  author = {Sudipta Chattopadhyay and Moritz Beck and Ahmed Rezine and Andreas Zeller},
  journal= {arXiv preprint arXiv:1611.04426},
  year   = {2016}
}
R2 v1 2026-06-22T16:51:35.063Z