5 research outputs found

    Triggerflow: Regression Testing by Advanced Execution Path Inspection

    Cryptographic libraries often feature multiple implementations of primitives to meet both the security needs of handling private information and the performance requirements of modern services when the handled information is public. OpenSSL, the de facto standard free and open source cryptographic library, includes mechanisms to differentiate the confidential data and its control flow, including runtime flags, designed for hardening against timing side-channels, but repeatedly accidentally mishandled in the past. To analyze and prevent these accidents, we introduce Triggerflow, a tool for tracking execution paths that, assisted by source annotations, dynamically analyzes the binary through the debugger. We validate this approach with case studies demonstrating how adopting our method in the development pipeline would have promptly detected such accidents. We further showcase the value of the tooling by presenting two novel discoveries facilitated by Triggerflow: one leak and one defect.

    Software for advanced execution path inspection

    An execution path is a subset of code that gets executed during operation of software. Inspection of the execution path is often required when analysing software for vulnerabilities. This thesis describes Triggerflow, a tool for tracking execution paths, that can be used to facilitate such inspection. Triggerflow works by leveraging a debugger to dynamically analyze code execution and filtering results using source code annotations. The thesis describes the tool interface, engineering choices made during its development, techniques it uses, and supporting software and methodology of deploying continuous integration using this software. Triggerflow was originally developed for detecting side-channel vulnerabilities in OpenSSL. The work on Triggerflow led to a conference publication at DIMVA 2019, main author being the author of this thesis. The conference paper is included as appendix.

    Déjà Vu : Side-Channel Analysis of Mozilla's NSS

    Recent work on Side Channel Analysis (SCA) targets old, well-known vulnerabilities, even previously exploited, reported, and patched in high-profile cryptography libraries. Nevertheless, researchers continue to find and exploit the same vulnerabilities in old and new products, highlighting a big issue among vendors: effectively tracking and fixing security vulnerabilities when disclosure is not done directly to them. In this work, we present another instance of this issue by performing the first library-wide SCA security evaluation of Mozilla's NSS security library. We use a combination of two independently-developed SCA security frameworks to identify and test security vulnerabilities. Our evaluation uncovers several new vulnerabilities in NSS affecting DSA, ECDSA, and RSA cryptosystems. We exploit said vulnerabilities and implement key recovery attacks using signals (extracted through different techniques such as timing, microarchitecture, and EM) and improved lattice methods.