CS 292 - Quantitative Information Flow and Side Channels - Spring 2019

Instructor: Tevfik Bultan     Office: Eng. I 2123   Office Hours: Tuesday 1:30-3:30  
Class Times: Tuesday/Thursday 11:00-12:50   Location: PHELP 2510
Enrollment Code: 61036
Units: 4
Course webpage: http://www.cs.ucsb.edu/~bultan/courses/292/

Course Topics

Many computer systems have access to sensitive information nowadays and, consequently, information leakage has become a significant security concern for users. Side-channel vulnerabilities that are based on information gained by observing nonfunctional properties of computer systems (such as execution time or memory usage) can enable attackers to infer the secret information that the system accesses. Recently, Meltdown and Spectre attacks have demonstrated the importance and impact of such vulnerabilities.

In this course, we will discuss static and dynamic analysis techniques for detecting information leakage in computer systems. In most practical settings, complete elimination of information leakage, where all observable outputs are independent of secrets (called noninterference), is not achievable. An alternative approach, called quantitative information flow analysis, is to quantify the amount of information that leaks from a given computer system using information theoretic concepts such as entropy. Quantitative information flow analysis enables detection of harmful side-channel vulnerabilities while minimizing false alarms that are due to benign information leakage. In this course, we will discuss recent developments in detection of side-channel vulnerabilities and quantitative information flow analysis. The topics we will discuss include:

Course Work

There will be several homework assignments, a midterm exam, and a final exam, and students will be required to present a research paper in class. Papers related to the topics discussed in class and/or lecture notes will be given as reading assignments.


Homework Assignments

Slides from Lectures and Reading Assignments


Papers to Present

  1. David Clark, Sebastian Hunt, Pasquale Malacaria. A static analysis for quantifying information flow in a simple imperative language. Journal of Computer Security 15(3): 321-371 (2007)
  2. Quantitative Security Analysis for Programs with Low Input and Noisy Output. Tri Minh Ngo, Marieke Huisman.
  3. Quantitative information flow under generic leakage functions and adaptive adversaries. M. Boreale, Francesca Pampaloni.
  4. Measuring Information Leakage Using Generalized Gain Functions. Mario S. Alvim, Kostas Chatzikokolakis, Catuscia Palamidessi, Geoffrey Smith.
  5. Stephen McCamant, Michael D. Ernst. Quantitative information flow as network flow capacity. PLDI 2008: 193-205 ( Technical Report )
  6. Shuo Chen, Rui Wang, XiaoFeng Wang, Kehuan Zhang. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. IEEE Symposium on Security and Privacy 2010: 191-206
  7. Goran Doychev, Dominik Feld, Boris Köpf, Laurent Mauborgne, Jan Reineke. CacheAudit: A Tool for the Static Analysis of Cache Side Channels. USENIX Security 2013: 431-446
  8. SMT-Based Verification of Software Countermeasures against Side-Channel Attacks. Hassan Eldib, Chao Wang, Patrick Schaumont.
  9. Pasquale Malacaria, M. H. R. Khouzani, Corina S. Pasareanu, Quoc-Sang Phan, Kasper Søe Luckow. Symbolic Side-Channel Analysis for Probabilistic Programs. CSF 2018: 313-327
  10. Tom Chothia, Yusuke Kawamoto, Chris Novakovic. LeakWatch: Estimating Information Leakage from Java Programs. ESORICS (2) 2014: 219-236
  11. Tom Chothia, Yusuke Kawamoto, Chris Novakovic, David Parker. Probabilistic Point-to-Point Information Leakage. CSF 2013: 193-205 2012
  12. Timos Antonopoulos, Paul Gazzillo, Michael Hicks, Eric Koskinen, Tachio Terauchi, and Shiyi Wei. Decomposition instead of self-composition for proving the absence of timing channels. In ACM SIGPLAN Notices, volume 52, pages 362–375. ACM, 2017.
  13. Jia Chen, Yu Feng, and Isil Dillig. Precise detection of side-channel vulnerabilities using quantitative cartesian hoare logic. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 875–890. ACM, 2017.
  14. Shirin Nilizadeh, Yannic Noller, and Corina S Pasareanu. Diffuzz: Differential fuzzing for side-channel analysis. arXiv preprint arXiv:1811.07005, 2018
  15. A Model Counter For Constraints Over Unbounded Strings. Loi Luu, Shweta Shinde, Prateek Saxena.
  16. Satisfiability modulo counting: a new approach for analyzing privacy properties. Matthew Fredrikson, Somesh Jha.
  17. Symbolic Polytopes for Quantitative Interpolation and Verification. Klaus v. Gleissenthall, Boris Köpf, and Andrey Rybalchenko.
  18. Effective lattice point counting in rational convex polytopes. Jesús A. De Loera, Raymond Hemmecke, Jeremiah Tauzer, Ruriko Yoshida.
  19. Distribution-Aware Sampling and Weighted Model Counting for SAT. Supratik Chakraborty, Daniel J. Fremont, Kuldeep S. Meel, Sanjit A. Seshia, Moshe Y. Vardi.
  20. From Weighted to Unweighted Model Counting. Supratik Chakraborty, Dror Fried, Kuldeep S. Meel, Moshe Y. Vardi.
  21. Approximate Probabilistic Inference via Word-Level Counting. Supratik Chakraborty, Kuldeep S. Meel, Rakesh Mistry, Moshe Y. Vardi.
  22. Mateus Borges, Quoc-Sang Phan, Antonio Filieri, Corina S. Pasareanu. Model-Counting Approaches for Nonlinear Numerical Constraints. NFM 2017: 131-138
  23. Antonio Filieri, Marcelo F. Frias, Corina S. Pasareanu, Willem Visser. Model Counting for Complex Data Structures. SPIN 2015: 222-241
  24. Minh-Thai Trinh, Duc-Hiep Chu, Joxan Jaffar. Model Counting for Recursively-Defined Strings. CAV (2) 2017: 399-418
  25. Dmitry Chistikov, Rayna Dimitrova, Rupak Majumdar: Approximate Counting in SMT and Value Estimation for Probabilistic Programs. TACAS 2015: 320-334
  26. Seonmo Kim, Stephen McCamant: Bit-Vector Model Counting Using Statistical Estimation. TACAS (1) 2018: 133-151
  27. Meng Wu, Shengjian Guo, Patrick Schaumont, Chao Wang: Eliminating timing side-channel leaks using program repair. ISSTA 2018: 15-26
  28. Shengjian Guo, Meng Wu, Chao Wang: Adversarial symbolic execution for detecting concurrency-related cache timing leaks. ESEC/SIGSOFT FSE 2018: 377-388

Related Papers