Identifying Cache-Based Timing Channels in Production Software

主讲:Dinghao Wu, Pennsylvania State University

In this talk, I will present a technique to help software developersidentify potential vulnerabilities that can lead to cache-based timingattacks. Our technique leverages symbolic execution and constraintsolving to detect potential cache differences at each programpoint. We adopt a cache model that is general enough to capturevarious threat models that are employed in practical timing attacks.

Patr 1 Background



Towards Efficient Heap Overflow Discovery 



var _hmt = _hmt || []; (function() { var hm = document.createElement("script"); hm.src = "//"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })();