Quantitative estimation of side-channel leaks with neural networks

Information leaks via side channels remain a challenging problem to guarantee confidentiality. Static analysis is a prevalent approach for detecting side channels. However, the side-channel analysis poses challenges to the static techniques since they arise from non-functional aspects of systems and require an analysis of multiple traces. In addition, the outcome of static analysis is usually restricted to binary answers. In practice, real-world applications may need to disclose some aspects of the confidential information to ensure desired functionality. Therefore, quantification techniques are necessary to evaluate the resulting threats. In this paper, we propose a dynamic analysis technique to detect and quantify side channels. Our novel approach is to split the problem into two tasks. First, we learn a timing model of the program as a neural network. While the program implements the functionality, the neural network models the non-functional property that does not exist in the syntax or semantics of programs. Second, we analyze the neural network to quantify information leaks. As demonstrated in our experiments, both of these tasks are feasible in practice—making the approach a significant improvement over state-of-the-art side channel detectors and quantifiers. Thus, our key technical contributions are (a) a binarized neural network architecture that enables side-channel discovery and (b) a novel MILP-based counting algorithm to estimate the side-channel strength. On a set of benchmarks, we show that neural network models the timing of programs with thousands of methods precisely. We also show that neural networks with thousands of neurons can be efficiently analyzed to quantify information leaks via timing side channels.