Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
Thu 14 Nov 2019 13:40 - 14:00 at Cortez 1 - Program Analysis Chair(s): Coen De Roover

Compression is an emerging source of exploitable side-channel leakage that threatens data security, particularly in web applications where compression is indispensable for performance reasons. Current approaches to mitigating compression side channels have drawbacks in that they either degrade compression ratio drastically or require too much effort from developers to be widely adopted. To bridge the gap, we develop Debreach, a static analysis and program transformation based approach to mitigating compression side channels. Debreach consists of two steps. First, it uses taint analysis to soundly identify flows of sensitive data in the program and uses code instrumentation to annotate data before feeding them to the compressor. Second, it enhances the compressor to exploit the freedom to not compress of standard compression protocols, thus removing the dependency between sensitive data and the size of the compressor’s output. Since Debreach automatically instruments applications and does not change the compression protocols, it has the advantage of being non-disruptive and compatible with existing systems. We have evaluated Debreach on a set of web server applications written in PHP. Our experiments show that, while ensuring leakage-freedom, Debreach can achieve significantly higher compression performance than state-of-the-art approaches.

Thu 14 Nov
Times are displayed in time zone: Tijuana, Baja California change

13:40 - 15:20
Program AnalysisResearch Papers / Demonstrations at Cortez 1
Chair(s): Coen De RooverVrije Universiteit Brussel
13:40
20m
Talk
Debreach: Mitigating Compression Side Channels via Static Analysis and Transformation
Research Papers
Brandon PaulsenUniversity of Southern California, Chungha SungUniversity of Southern California, Peter PetersonUniversity of Minnesota Duluth, Chao WangUSC
14:00
20m
Talk
Fine-grain memory object representation in symbolic execution
Research Papers
Martin NowackImperial College London
14:20
20m
Talk
RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis
Research Papers
Dongliang MuNanjing University, Wenbo GuoThe Pennsylvania State University, Alejandro CuevasThe Pennsylvania State University, Yueqi ChenThe Pennsylvania State University, Jinxuan GaiThe Pennsylvania State University, Xinyu XingThe Pennsylvania State University, Bing MaoNanjing University, Chengyu SongUC Riverside
14:40
20m
Talk
Batch Alias Analysis
Research Papers
Pre-print
15:00
10m
Demonstration
Manticore: A User-Friendly Symbolic Execution Framework for Binaries and Smart Contracts
Demonstrations
Mark MossbergTrail of Bits, Felipe ManzanoTrail of Bits, Eric HennenfentTrail of Bits, Alex GroceTrail of Bits, Gustavo GriecoTrail of Bits, Josselin FeistTrail of Bits, Trent BrunsonTrail of Bits, Artem DinaburgTrail of Bits
Media Attached
15:10
10m
Demonstration
BuRRiTo: A Framework to Extract, Specify, Verify and Analyze Business Rules
Demonstrations
Pavan ChittimalliTCS Research, Kritika AnandTCS Research, Shrishti PradhanTCS Research, Sayandeep MitraTCS Research, Chandan PrakashTCS Research, Rohit ShereTCS Research, Ravindra NaikTCS Research, TRDDC, India