Debreach: Mitigating compression side channels via static analysis and transformation

Brandon Paulsen; Chungha Sung; Peter A.H. Peterson; Chao Wang

doi:10.1109/ASE.2019.00088

Debreach: Mitigating compression side channels via static analysis and transformation

Brandon Paulsen, Chungha Sung, Peter A.H. Peterson, Chao Wang

Computer Science (Duluth)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks in that they either degrade compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, a static analysis and program transformation based approach to mitigating compression side channels. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate data before feeding them to the compressor. Second, it enhances the compressor to exploit the freedom to not compress of standard compression protocols, thus removing the dependency between sensitive data and the size of the compressor's output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.

Original language	English (US)
Title of host publication	Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	899-911
Number of pages	13
ISBN (Electronic)	9781728125084
DOIs	https://doi.org/10.1109/ASE.2019.00088
State	Published - Nov 2019
Event	34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 - San Diego, United States Duration: Nov 10 2019 → Nov 15 2019

Publication series

Name	Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

Conference

Conference	34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019
Country/Territory	United States
City	San Diego
Period	11/10/19 → 11/15/19

Bibliographical note

Funding Information:
ACKNOWLEDGMENTS This work was partially funded by the U.S. National Science Foundation (NSF) under the grant CNS-1617203 and Office of Naval Research (ONR) under the grant N00014-17-1-2896.

Publisher Copyright:
© 2019 IEEE.

Keywords

Automated Defect Repair
Data Privacy
Program Synthesis and Transformations
Side Channel

Publisher link

10.1109/ASE.2019.00088

Find It

Find It at U of M Libraries

Cite this

Paulsen, B., Sung, C., Peterson, P. A. H., & Wang, C. (2019). Debreach: Mitigating compression side channels via static analysis and transformation. In Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 (pp. 899-911). Article 8952360 (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ASE.2019.00088

Debreach: Mitigating compression side channels via static analysis and transformation. / Paulsen, Brandon; Sung, Chungha; Peterson, Peter A.H. et al.
Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 899-911 8952360 (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Paulsen, B, Sung, C, Peterson, PAH & Wang, C 2019, Debreach: Mitigating compression side channels via static analysis and transformation. in Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019., 8952360, Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, Institute of Electrical and Electronics Engineers Inc., pp. 899-911, 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019, San Diego, United States, 11/10/19. https://doi.org/10.1109/ASE.2019.00088

Paulsen B, Sung C, Peterson PAH, Wang C. Debreach: Mitigating compression side channels via static analysis and transformation. In Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 899-911. 8952360. (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019). doi: 10.1109/ASE.2019.00088

Paulsen, Brandon ; Sung, Chungha ; Peterson, Peter A.H. et al. / Debreach : Mitigating compression side channels via static analysis and transformation. Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 899-911 (Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019).

@inproceedings{5eaeb73e4adf4c27b1363bc17b270889,

title = "Debreach: Mitigating compression side channels via static analysis and transformation",

abstract = "Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks in that they either degrade compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, a static analysis and program transformation based approach to mitigating compression side channels. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate data before feeding them to the compressor. Second, it enhances the compressor to exploit the freedom to not compress of standard compression protocols, thus removing the dependency between sensitive data and the size of the compressor's output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.",

keywords = "Automated Defect Repair, Data Privacy, Program Synthesis and Transformations, Side Channel",

author = "Brandon Paulsen and Chungha Sung and Peterson, {Peter A.H.} and Chao Wang",

note = "Funding Information: ACKNOWLEDGMENTS This work was partially funded by the U.S. National Science Foundation (NSF) under the grant CNS-1617203 and Office of Naval Research (ONR) under the grant N00014-17-1-2896. Publisher Copyright: {\textcopyright} 2019 IEEE.; 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019 ; Conference date: 10-11-2019 Through 15-11-2019",

year = "2019",

month = nov,

doi = "10.1109/ASE.2019.00088",

language = "English (US)",

series = "Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "899--911",

booktitle = "Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019",

}

TY - GEN

T1 - Debreach

T2 - 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

AU - Paulsen, Brandon

AU - Sung, Chungha

AU - Peterson, Peter A.H.

AU - Wang, Chao

N1 - Funding Information: ACKNOWLEDGMENTS This work was partially funded by the U.S. National Science Foundation (NSF) under the grant CNS-1617203 and Office of Naval Research (ONR) under the grant N00014-17-1-2896. Publisher Copyright: © 2019 IEEE.

PY - 2019/11

Y1 - 2019/11

N2 - Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks in that they either degrade compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, a static analysis and program transformation based approach to mitigating compression side channels. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate data before feeding them to the compressor. Second, it enhances the compressor to exploit the freedom to not compress of standard compression protocols, thus removing the dependency between sensitive data and the size of the compressor's output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.

AB - Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks in that they either degrade compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, a static analysis and program transformation based approach to mitigating compression side channels. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate data before feeding them to the compressor. Second, it enhances the compressor to exploit the freedom to not compress of standard compression protocols, thus removing the dependency between sensitive data and the size of the compressor's output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.

KW - Automated Defect Repair

KW - Data Privacy

KW - Program Synthesis and Transformations

KW - Side Channel

UR - http://www.scopus.com/inward/record.url?scp=85078957595&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078957595&partnerID=8YFLogxK

U2 - 10.1109/ASE.2019.00088

DO - 10.1109/ASE.2019.00088

M3 - Conference contribution

AN - SCOPUS:85078957595

T3 - Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

SP - 899

EP - 911

BT - Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering, ASE 2019

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 10 November 2019 through 15 November 2019

ER -

Debreach: Mitigating compression side channels via static analysis and transformation

Abstract

Publication series

Conference

Bibliographical note

Keywords

Publisher link

Find It

Other files and links

Fingerprint

Cite this