QFuzz: Quantitative Fuzzing for Side Channels
arXiv - CS - Software Engineering, Pub Date: 2021-06-07, DOI: arxiv-2106.03346
Yannic Noller, Saeid Tizpaz-Niari

Side channels pose a significant threat to the confidentiality of software systems. Such vulnerabilities are challenging to detect and evaluate because they arise from non-functional properties of software such as execution times and require reasoning over multiple execution traces. Recently, noninterference notions have been adapted in static analysis, symbolic execution, and greybox fuzzing techniques. However, noninterference is a strict notion and may reject security even if the strength of an information leak is weak. A quantitative notion of security allows for the relaxation of noninterference and tolerates small (unavoidable) leaks. Despite progress in recent years, the existing quantitative approaches have scalability limitations in practice. In this work, we present QFuzz, a greybox fuzzing technique to quantitatively evaluate the strength of side channels with a focus on min entropy. Min entropy is a measure based on the number of distinguishable observations (partitions) to assess the resulting threat from an attacker who tries to compromise secrets in one try. We develop a novel greybox fuzzing technique equipped with two partitioning algorithms that try to maximize the number of distinguishable observations and the cost differences between them. We evaluate QFuzz on a large set of benchmarks from existing work and real-world libraries (with a total of 70 subjects). QFuzz compares favorably to three state-of-the-art detection techniques. QFuzz provides quantitative information about leaks beyond the capabilities of all three techniques. Crucially, we compare QFuzz to a state-of-the-art quantification tool and find that QFuzz significantly outperforms the tool in scalability while maintaining similar precision. Overall, we find that our approach scales well for real-world applications and provides useful information to evaluate resulting threats. Additionally, QFuzz identifies a zero-d...
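As an added illustration (not part of the paper and not QFuzz's own code), the following Python models the min-entropy-by-partitions measure the abstract describes: a loop-step count stands in for the execution-time observation a greybox fuzzer would measure, observations are grouped into distinguishable classes with a tolerance `epsilon`, and the leakage of an early-exit comparison is contrasted with a constant-time one. The two comparison routines, the secrets, the guess and the cost model are constructed assumptions for the example.

```python
import math
from typing import Callable, Dict, List, Tuple

def early_exit_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Byte-wise comparison that stops at the first mismatch (the leaky pattern)."""
    steps = 0
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return len(secret) == len(guess), steps

def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Comparison whose step count does not depend on where the bytes differ."""
    diff, steps = len(secret) ^ len(guess), 0
    for s, g in zip(secret, guess):
        diff |= s ^ g
        steps += 1
    return diff == 0, steps

def partition_costs(costs: List[int], epsilon: int) -> List[List[int]]:
    """Greedily group sorted costs: a cost more than epsilon above the first
    member of the current class opens a new (distinguishable) class."""
    classes: List[List[int]] = []
    for c in sorted(costs):
        if classes and c - classes[-1][0] <= epsilon:
            classes[-1].append(c)
        else:
            classes.append([c])
    return classes

def quantify_leak(program: Callable[[bytes, bytes], Tuple[bool, int]],
                  secrets: List[bytes], guess: bytes, epsilon: int = 0) -> Dict[str, float]:
    """Min-entropy leakage of a deterministic program under a uniform prior over
    the secrets: log2(#distinguishable observations) bits."""
    costs = [program(s, guess)[1] for s in secrets]
    classes = partition_costs(costs, epsilon)
    gaps = [b[0] - a[0] for a, b in zip(classes, classes[1:])]
    return {"partitions": len(classes),
            "leak_bits": math.log2(len(classes)),
            "min_cost_gap": min(gaps) if gaps else 0}

# Constructed sample: one attacker-chosen input checked against five candidate secrets.
SECRETS = [b"xxxx", b"axxx", b"abxx", b"abcx", b"abcd"]
GUESS = b"abcd"

if __name__ == "__main__":
    for name, prog in (("early-exit", early_exit_compare), ("constant-time", constant_time_compare)):
        print(name, quantify_leak(prog, SECRETS, GUESS))
```

With `epsilon=0` the early-exit routine yields four partitions (2 bits of min-entropy leakage) while the constant-time routine yields one (0 bits); raising `epsilon` to model measurement noise merges classes whose cost difference is too small to distinguish.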

Updated: 2021-06-08