Discriminating Traces with Time

TL;DR

This paper introduces a formal framework for trace-set discrimination to understand program timing differences, showing that decision trees can effectively and scalably identify internals related to timing variations, aiding in debugging vulnerabilities.

Contribution

It proposes a novel formal framework for trace-set discrimination and demonstrates that decision trees can scalably and accurately discriminate program internals based on timing data.

Findings

Decision trees accurately discriminate timing differences in Java benchmarks.

ILP and decision tree approaches are effective despite NP-hardness.

Decision trees assist in debugging timing side-channel and availability vulnerabilities.

Abstract

What properties about the internals of a program explain the possible differences in its overall running time for different inputs? In this paper, we propose a formal framework for considering this question we dub trace-set discrimination. We show that even though the algorithmic problem of computing maximum likelihood discriminants is NP-hard, approaches based on integer linear programming (ILP) and decision tree learning can be useful in zeroing-in on the program internals. On a set of Java benchmarks, we find that compactly-represented decision trees scalably discriminate with high accuracy---more scalably than maximum likelihood discriminants and with comparable accuracy. We demonstrate on three larger case studies how decision-tree discriminants produced by our tool are useful for debugging timing side-channel vulnerabilities (i.e., where a malicious observer infers secrets simply from passively watching execution times) and availability vulnerabilities.