DifFuzz: Differential Fuzzing for Side-Channel Analysis
| dc.contributor.author | Nilizadeh, Shirin | |
| dc.contributor.author | Noller, Yannic | |
| dc.contributor.author | Noller, Yannic | |
| dc.contributor.editor | Felderer, Michael | |
| dc.contributor.editor | Hasselbring, Wilhelm | |
| dc.contributor.editor | Rabiser, Rick | |
| dc.contributor.editor | Jung, Reiner | |
| dc.date.accessioned | 2020-02-03T13:03:33Z | |
| dc.date.available | 2020-02-03T13:03:33Z | |
| dc.date.issued | 2020 | |
| dc.description.abstract | This summary is based on our research results on ``DifFuzz: Differential Fuzzing for Side-Channel Analysis'' which was published in the proceedings of the 41st International Conference on Software Engineering. Side-channel analysis aims to investigate the risk that a potential attacker can infer any secret information through observations of the system, such as the execution time or the memory consumption. Side-channel vulnerabilities therefore represent security risks that can cause serious damage and need to be identified and repaired. DifFuzz applies differential fuzzing to identify inputs that trigger such vulnerabilities. Our fuzzing approach analyzes multiple program executions, which vary in their secret information, and uses resource-guided heuristics to identify inputs that maximize the observable cost difference between these executions. Our evaluation shows that such a dynamic analysis approach can find the same side-channel vulnerabilities as state-of-the-art static analysis techniques, and even more vulnerabilities since it does not rely on models for its analysis. Additionally, the advantage of DifFuzz compared to other techniques is not only that it can generate inputs that show a vulnerability, but that the resulting cost difference can also be used to estimate the severity of an identified vulnerability. This enables the comparing of repaired versions of an application. | en |
| dc.identifier.doi | 10.18420/SE2020_37 | |
| dc.identifier.isbn | 978-3-88579-694-7 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/31715 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Software Engineering 2020 | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-300 | |
| dc.subject | Vulnerability Detection | |
| dc.subject | Side-Channel Analysis | |
| dc.subject | Dynamic Analysis | |
| dc.subject | Fuzzing | |
| dc.title | DifFuzz: Differential Fuzzing for Side-Channel Analysis | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | ||
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 125 | |
| gi.conference.date | 24.-28. Feburar 2020 | |
| gi.conference.location | Innsbruck, Austria | |
| gi.conference.sessiontitle | Security |
Dateien
Originalbündel
1 - 1 von 1