Seminar will be exclusively online (no in-room presentation) - CS Colloquium: Tegan Brennan (University of California, Santa Barbara) - Software Side Channels
Thu, Apr 02, 2020 @ 11:00 AM - 12:00 PM
Conferences, Lectures, & Seminars
Speaker: Tegan Brennan, University of California, Santa Barbara
Talk Title: Software Side Channels
Series: CS Colloquium
Abstract: Side channels in software are a class of information leaks where non-functional side effects of software systems (such as execution time, memory usage or power consumption) can leak information about sensitive data. In this talk, I present my research on a new class of side-channel vulnerabilities: JIT-induced side channels. In contrast to side channels introduced at the source code level, JIT-induced side channels arise at runtime due to the behavior of just-in-time (JIT) compilation. I show the existence of this class of side channels across multiple runtimes, and I demonstrate JIT-induced timing channels in large, open source projects large enough in magnitude to be detected over the public internet. I also present an automated approach to inducing this type of side channel in programs. In evaluating my automated technique, I show that programs classified as side-channel free by four state-of-the-art side channel analysis tools are, in fact, vulnerable to JIT-induced side channels. Finally, I discuss my contributions towards scalable quantification of side-channel vulnerabilities through a caching framework for model-counting queries.
This lecture satisfies requirements for CSCI 591: Research Colloquium
Biography: Tegan Brennan is a PhD candidate in Computer Science at the University of California, Santa Barbara. Her research is in software engineering, formal verification and computer security. She has worked extensively on side-channel vulnerabilities in software. Tegan is a recipient of an IGERT Fellowship in Network Science, an NCWIT Collegiate Award Honorable Mention in 2018 and an invited participant of the 2019 Rising Stars workshop. She has also interned twice with Amazon's Automated Reasoning Group.
Host: Chao Wang
Location: Seminar will be exclusively online (no in-room presentation)
Audiences: Everyone Is Invited
Contact: Assistant to CS chair