Authors: Fei Yan, Rushan Wu, Liqiang Zhang, Yue Cao
Source: Tsinghua Science and Technology, 2023, Issue 1, pp. 47-58, 12 pages in total. Journal of Tsinghua University (Natural Science Edition, English Edition)
Funding: supported in part by the National Natural Science Foundation of China (Nos. 61272452 and 61872430); the National Key Basic Research and Development (973) Program of China (No. 2014CB340601); the Key R&D Program of Hubei Province (No. 2020BAA003); the Prospective Applied Research Program of Suzhou City (No. SYG201845).
Abstract: Side-channel attacks allow adversaries to infer sensitive information, such as cryptographic keys or private user data, by monitoring unintentional information leaks of running programs. Prior side-channel detection methods can identify numerous potential vulnerabilities in cryptographic implementations with a small amount of execution traces due to the high diffusion of secret inputs in crypto primitives. However, because non-cryptographic programs cover different paths under various sensitive inputs, extending existing tools for identifying information leaks to non-cryptographic applications suffers from either insufficient path coverage or redundant testing. To address these limitations, we propose a new dynamic analysis framework named SPIDER that uses fuzzing, execution profiling, and clustering for a high path coverage and test suite reduction, and then speeds up the dynamic analysis of side-channel vulnerability detection in non-cryptographic programs. We analyze eight non-cryptographic programs and ten cryptographic algorithms under SPIDER in a fully automated way, and our results confirm the effectiveness of test suite reduction and the vulnerability detection accuracy of the whole framework.
Keywords: side-channel detection; test suite reduction; dynamic analysis
Classification number: TN9 [Electronics and Telecommunications — Information and Communication Engineering]