YoVDO

Efficient Relational Symbolic Execution for Constant-Time at Binary-Level

Offered By: IEEE via YouTube

Tags

Symbolic Execution Courses Software Development Courses Cybersecurity Courses Timing Attacks Courses

Course Description

Overview

Explore a 16-minute IEEE conference talk on Binsec/Rel, an efficient relational symbolic execution tool for verifying constant-time programming at the binary level. Learn about the challenges of writing constant-time code to prevent timing side-channel attacks and the importance of binary-level analysis. Discover how Binsec/Rel improves upon previous symbolic execution techniques with optimizations for information flow and binary-level analysis. Examine the tool's effectiveness in bug-finding and bounded-verification through extensive experiments on cryptographic implementations. Gain insights into the impact of compiler optimizations on constant-time preservation and understand why binary-level reasoning is crucial for ensuring security in cryptographic code.

Syllabus

Intro
Problem: Protecting Secrets against Timing Attacks
Solution: Constant-Time Programming (CT)
Constant-Time is Generally not Preserved by Compilers (1)
The Need for Automatic Analysis
Lots of Verification Tools for Constant-Time
Definition: Bug-Finding & Bounded-Verif for Constant-Time
Adapt SE for Constant-Time: Technical Key Insights
Contributions
Standard Approach eg (1.2 ): Symbolic Execution for Constant-Time via Self-Composition
Better Approach: Relational Symbolic Execution (1.2)
Dedicated Optimizations for Constant-Time Analysis
Binsec/Rel: Experimental Evaluation
Scalability: Comparison with RelSE (RQ2)
Effect of Compiler Optimizations on Constant-Time (RQ1/RQ3)
Conclusion


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network