Litcius/Paper detail

A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries

Antoine Geimer, Mathéo Vergnolle, Frédéric Recoules, Lesly-Ann Daniel, Sébastien Bardin, Clémentine Maurice

202314 citationsDOIOpen Access PDF

Abstract

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such vulnerabilities are still manually found in cryptographic libraries. While a recent paper by Jancar et al. shows that developers rarely perform side-channel detection, it is unclear if existing detection tools could have found these vulnerabilities in the first place.

Topics & Concepts

Side channel attackCryptographyComputer scienceSecure codingComputer securityChannel (broadcasting)Cryptographic primitiveImplementationCryptographic protocolInformation securityComputer networkSoftware engineeringSoftware security assuranceSecurity serviceSecurity and Verification in ComputingCryptographic Implementations and SecurityAdvanced Malware Detection Techniques