@article{Yan2023, 
author = {Fei Yan and Rushan Wu and Liqiang Zhang and Yue Cao},
title = {SPIDER: Speeding up Side-Channel Vulnerability Detection via Test Suite Reduction},
year = {2023},
journal = {Tsinghua Science and Technology},
volume = {28},
number = {1},
pages = {47-58},
keywords = {dynamic analysis, side-channel detection, test suite reduction},
url = {https://www.sciopen.com/article/10.26599/TST.2021.9010078},
doi = {10.26599/TST.2021.9010078},
abstract = {Side-channel attacks allow adversaries to infer sensitive information, such as cryptographic keys or private user data, by monitoring unintentional information leaks of running programs. Prior side-channel detection methods can identify numerous potential vulnerabilities in cryptographic implementations with a small amount of execution traces due to the high diffusion of secret inputs in crypto primitives. However, because non-cryptographic programs cover different paths under various sensitive inputs, extending existing tools for identifying information leaks to non-cryptographic applications suffers from either insufficient path coverage or redundant testing. To address these limitations, we propose a new dynamic analysis framework named SPIDER that uses fuzzing, execution profiling, and clustering for a high path coverage and test suite reduction, and then speeds up the dynamic analysis of side-channel vulnerability detection in non-cryptographic programs. We analyze eight non-cryptographic programs and ten cryptographic algorithms under SPIDER in a fully automated way, and our results confirm the effectiveness of test suite reduction and the vulnerability detection accuracy of the whole framework.}
}