ECOOP 2024
Mon 16 - Fri 20 September 2024 Vienna, Austria
co-located with ISSTA/ECOOP 2024
Tue 17 Sep 2024 14:30 - 14:45 at EI 7 - Chair(s): Jonathan Aldrich, Guido Salvaneschi

Timing channel attacks are emerging as real-world threats to computer security. In cryptographic systems, an effective countermeasure against timing attacks is the constant-time programming discipline. However, strictly enforcing the discipline manually is both time-consuming and error-prone. While various tools exist for analyzing/verifying constant-time programs, they sacrifice at least one feature among precision, soundness and efficiency.

In this paper, we build CtChecker, a sound static analysis for constant-time programming. Under the hood, CtChecker uses a static information flow analysis to identify violations of constant-time discipline. Despite the common wisdom that sound, static information flow analysis lacks precision for real-world applications, we show that with field-sensitivity, context-sensitivity and flow-sensitivity, CtChecker reports fewer false positives compared with existing sound tools. Evaluation on real-world cryptographic systems shows that CtChecker analyzes 24K lines of source code in under 30 seconds. Moreover, CtChecker reveals that some repaired code generated by program rewriters supposedly remove timing channels are still not constant-time.

Tue 17 Sep

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

13:30 - 15:00
Technical Papers at EI 7
Chair(s): Jonathan Aldrich Carnegie Mellon University, Guido Salvaneschi University of St. Gallen
13:30
30m
Awards
ECOOP Awards
Technical Papers
Guido Salvaneschi University of St. Gallen, Jonathan Aldrich Carnegie Mellon University
14:00
15m
Talk
Mutation-based Lifted Repair of Software Product Lines
Technical Papers
Aleksandar S. Dimovski Mother Teresa University, Skopje
14:15
15m
Talk
Refinements for Multiparty Message-Passing Protocols: Specification-agnostic theory and implementation
Technical Papers
Martin Vassor Université de Lorraine; CNRS; Inria; LORIA, Nobuko Yoshida University of Oxford
14:30
15m
Talk
CtChecker: a Precise, Sound and Efficient Static Analysis for Constant-Time Programming
Technical Papers
Quan Zhou Penn State University, Dang Sixuan Duke University, Danfeng Zhang Duke University
14:45
15m
Talk
The Fault in our Stars: Designing Reproducible Large-scale Code Analysis Experiments
Technical Papers
Petr Maj Czech Technical University, Stefanie Muroya Lei Institute of Science and Technology in Austria, Konrad Siek Czech Technical University in Prague, Luca Di Grazia University of Stuttgart, Jan Vitek Northeastern University

Information for Participants
Tue 17 Sep 2024 13:30 - 15:00 at EI 7 - Chair(s): Jonathan Aldrich, Guido Salvaneschi
Info for room EI 7:

Map: https://tuw-maps.tuwien.ac.at/?q=CDEG13

Room tech: https://raumkatalog.tiss.tuwien.ac.at/room/15417