# Attack Synthesis for Strings using Meta-Heuristics

**Authors:** Seemanta Saha, Ismet Burak Kadron, William Eiers, Lucas Bang, and Tevfik Bultan

arXiv: 1907.11710 · 2019-07-30

## TL;DR

This paper introduces automated methods for synthesizing side-channel attacks on string manipulation code, leveraging symbolic execution, model counting, and meta-heuristics to recover secret strings from timing observations.

## Contribution

It presents a novel combination of symbolic execution, automata-based model counting, and meta-heuristics for attack synthesis targeting string-related side channels.

## Key findings

- Successfully recovers secret strings through synthesized timing attacks.
- Demonstrates effectiveness of combining symbolic execution with meta-heuristics.
- Provides a framework for automated attack generation on string manipulation code.

## Abstract

Information leaks are a significant problem in modern computer systems and string manipulation is prevalent in modern software. We present techniques for automated synthesis of side-channel attacks that recover secret string values based on timing observations on string manipulating code. Our attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the timing observations, leading to recovery of the secret at the end of the attack sequence. We use symbolic execution to extract path constraints, automata-based model counting to estimate the probability of execution paths, and meta-heuristic methods to maximize information gain based on entropy for synthesizing adaptive attack steps.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.11710/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/1907.11710/full.md

## References

18 references — full list in the complete paper: https://tomesphere.com/paper/1907.11710/full.md

---
Source: https://tomesphere.com/paper/1907.11710