"Secure Refinement of Cryptographic Algorithms".

Abstract:
Side-channel attacks exploit details of a system’s physical 
implementation that has not been considered in the system’s model. 
Recently, cache side-channel attacks have received an increasing 
popularity. The goal of my research project is to improve the 
quantitative cache side-channel analysis of cryptographic algorithm 
implementations by using program analysis. This project is challenging 
because completeness, soundness, and efficiency of a program analysis 
usually cannot be achieved in combination. CacheAudit is a 
state-of-the-art tool in quantitative analysis of cache side channels. 
It computes an upper bound on the leaked secret information. As a 
starting point, my current focus is on extending CacheAudit to handle 
more cryptographic algorithm implementations by adding more 
instructions. Additionally, my research also concerns comparing 
different existing abstractions in two versions of this tool, with 
respect to precision and performance. Furthermore, we will enhance the 
precision and/or performance of this tool by improving the existing 
abstractions or proposing new abstractions. Overall, the results of my 
research shall contribute to novel program analyses for identifying 
side channels in implementations of cryptographic algorithms, so that 
vulnerabilities can be avoided by the developer in the code design phase.