Thu, Aug 24, 2023 @ 10:00 AM - 12:00 PM
Thomas Lord Department of Computer Science
PhD Thesis Defense - Jingbo Wang
Committee Members: Prof. Chao Wang (chair), Prof. Nenad Medvidovic, Prof. Jyotirmoy Deshmukh, Prof. Mukund Raghothaman, and Prof. Pierluigi Nuzzo
Title: Side channel Security Enabled by Program Analysis and Synthesis
Abstract: The objective of my dissertation research is to develop rigorous methods and analysis tools for improving the security of software systems. I focus on a class of emerging security threats called side channel attacks. During a side channel attack, the adversary relies on exploiting statistical dependencies between the secret data e.g. passwords or encryption keys and seemingly unrelated non functional properties e.g. power consumption or execution time of the computer. In particular, power side channel leaks are caused by statistical dependencies instead of syntactic or semantic dependencies between sources and sinks. Thus, existing techniques that focus primarily on information flow security e.g. taint analysis would not work. To detect and then automatically remove these statistical dependencies in software code, I have developed a set of type inference rules to capture and quantify the leaks, and then a set of transformation based methods to mitigate the leaks. To adapt these type inference rules to constantly evolving program characteristics, I have also proposed a data driven method for learning provably sound side channel analysis rules from annotated programs. To ensure the correctness of the mitigation, I have developed new methods to help prove the equivalence of the original and mitigated programs. All of these methods aim to identify and then eliminate the side channel related statistical dependencies, which in turn leads to more secure software for critical applications.
Audiences: Everyone Is Invited
Contact: Melissa Ochoa