Design And Implementation Of A Symbolic Execution Framework For Assessing Feasibility Of Cache-based Side Channels Attack

Posted on: 2017-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Kong
Full Text: PDF
GTID: 2308330503469543
Subject: Software engineering
Abstract/Summary:
In recent years, software cache-based side-channel attacks have become a serious new class of threats to computer systems. Unlike physical side-channel attacks, which mostly target embedded cryptographic devices, cache-based side-channel attacks can also undermine general-purpose systems. Side-channel attacks are easy to implement and can be used against primitives, protocols, modules, devices and systems. These attacks pose a serious threat to the security of cryptographic modules. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power. In recently demonstrated attacks on software implementations of ciphers like AES, the full key can be recovered by an unprivileged user program performing simple performance measurements based on cache misses.
We design and implement a methodology to simulate the process and assess whether the secret can be retrieved through recent symbolic-execution-based cache analysis. We leverage SimpleScalar simulation and symbolic execution (KLEE) for the analysis. I start with cache-based side-channel attacks on AES using SimpleScalar, calculating the cache misses to check which cache misses are easier to retrieve. KLEE is then used to generate symbolic values and calculate the cache misses for the symbolic inputs. LLVM, on top of which KLEE has the added advantage of working, has an infinite number of registers; we put our emphasis on how to explicitly convert the cache-hit addresses generated by SimpleScalar to LLVM bitcode.
The main contribution of this work is the design and implementation of a system that simulates the encryption and decryption process and then calculates the cache misses to get the key, which is easy to attack. We also assess the possibility of such attacks and compare it with the possibilities of other cache analysis frameworks. In addition to the scalability of the method, many technical issues call for attention.
This recent work allows for a more precise and targeted analysis of the cache behavior of computer programs on specific architectures. Such analysis can be applied to security software that is subject to cache-based side-channel attacks. The idea is then to assess the possibilities of attacks based on such precise techniques.
Keywords/Search Tags: Side-channel attack, AES, Cache-based, Symbolic execution, SimpleScalar