A survey of microarchitectural side-channel vulnerabilities, attacks, and defenses in cryptography

X Lou, T Zhang, J Jiang, Y Zhang - ACM Computing Surveys (CSUR), 2021 - dl.acm.org
Side-channel attacks have become a severe threat to the confidentiality of computer
applications and systems. One popular type of such attacks is the microarchitectural attack …

A systematic evaluation of automated tools for side-channel vulnerabilities detection in cryptographic libraries

A Geimer, M Vergnolle, F Recoules, LA Daniel… - Proceedings of the …, 2023 - dl.acm.org
To protect cryptographic implementations from side-channel vulnerabilities, developers must
adopt constant-time programming practices. As these can be error-prone, many side …

SpecuSym: Speculative symbolic execution for cache timing leak detection

S Guo, Y Chen, P Li, Y Cheng, H Wang, M Wu… - Proceedings of the ACM …, 2020 - dl.acm.org
CPU cache is a limited but crucial storage component in modern processors, whereas the
cache timing side-channel may inadvertently leak information through the physically …

KLEESpectre: Detecting information leakage through speculative cache attacks via symbolic execution

G Wang, S Chattopadhyay, AK Biswas, T Mitra… - ACM Transactions on …, 2020 - dl.acm.org
Spectre-style attacks disclosed in early 2018 expose data leakage scenarios via cache side
channels. Specifically, speculatively executed paths due to branch mis-prediction may bring …

Microwalk-CI: Practical side-channel analysis for JavaScript applications

J Wichelmann, F Sieck, A Pätschke… - Proceedings of the 2022 …, 2022 - dl.acm.org
Secret-dependent timing behavior in cryptographic implementations has resulted in
exploitable vulnerabilities, undermining their security. Over the years, numerous tools to …

Big Numbers-Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations

S Weiser, D Schrammel, L Bodner… - 29th USENIX Security …, 2020 - usenix.org
Side-channel attacks exploiting (EC)DSA nonce leakage easily lead to full key recovery.
Although (EC)DSA implementations have already been hardened against side-channel …

Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks

D Townley, K Arıkan, YD Liu, D Ponomarev… - 31st USENIX Security …, 2022 - usenix.org
The security of isolated execution architectures such as Intel SGX has been significantly
threatened by the recent emergence of side-channel attacks. Cache side-channel attacks …

“These results must be false”: A usability evaluation of constant-time analysis tools

M Fourné, DDA Braga, J Jancar, M Sabt… - 33rd USENIX Security …, 2024 - usenix.org
Cryptography secures our online interactions, transactions, and trust. To achieve this goal,
not only do the cryptographic primitives and protocols need to be secure in theory, they also …

CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software

Y Yuan, Z Liu, S Wang - 32nd USENIX Security Symposium (USENIX …, 2023 - usenix.org
Cache side-channel attacks extract secrets by examining how victim software accesses
cache. To date, practical attacks on crypto systems and media libraries are demonstrated …

Guidelines for implementing and auditing differentially private systems

D Kifer, S Messing, A Roth, A Thakurta… - arXiv preprint arXiv …, 2020 - arxiv.org
Differential privacy is an information theoretic constraint on algorithms and code. It provides
quantification of privacy leakage and formal privacy guarantees that are currently …