Detection of leaks through exception mechanisms

Salim Yahia Kissi, LRIT, University of Abou Bekr Belkaid, Tlemcen, Algeria, 0000-0002-9222-0291
Yassamine Seladji, LRIT, University of Abou Bekr Belkaid, Tlemcen, Algeria, 0000-0002-2471-8012
Rabéa Ameur-Boulifa, LTCI, Télécom Paris, Institut Polytechnique de Paris, France, 0000-0003-2778-7555

Abstract—A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by analysing the execution time of algorithms. This is possible because each operation in a program takes time to execute, and this time may vary depending on its inputs and on the characteristics of the microprocessor on which it runs. With accurate time measurements for each operation, an attacker may be able to discover secrets by analysing the execution time of a program. This paper presents an automatable approach for detecting information leakage in programs through timing information. It is based on the Z3 SMT solver and detects vulnerabilities in software code according to a given security specification and target architecture. This paper also features some research issues that will be addressed during my thesis.

Index Terms—Formal analysis, Vulnerabilities detection, Execution environment, Timing information, Exception.

I. INTRODUCTION

In a computer system, a vulnerability is a security hole that can be exploited by an attacker and may lead to the alteration of software behaviour or the disclosure of secret information. These flaws, which endanger the overall security of the system, can be weaknesses either in the hardware itself or in the software that runs on the hardware. Secure software can be obtained through two distinct processes: Security by Design, and Security by Certification.
The former approach has been quite extensively formalized: it relies on the construction of models, which are analysed and verified to ensure that the security (and safety) properties are met, and from which software code is then derived manually or automatically. In contrast, the latter approach has almost always been informal, both in specifying security best practices and in verifying that the code produced conforms to them. Building secure software is much more difficult than finding vulnerabilities and weaknesses in a program. It requires establishing the mechanisms that protect the software and avoid flaws that can be the source of serious vulnerabilities. Amongst security vulnerabilities, information leakage is one of the major security issues facing many organisations today. OWASP, the community working on web application security [2], lists it in its Top 10 security issues under "sensitive data exposure". In general, information leakage happens whenever a system reveals some information to parties that are not authorized to receive it. There is a clear need to limit security vulnerabilities in programs, especially critical ones, but this is a difficult task. Developers have to anticipate as many possible attacks as they can in order to incorporate countermeasures that reduce the number of exploitable vulnerabilities. There are organisations (such as CESTI¹) that assess the security of embedded software and try to find vulnerabilities in programs. Currently, these assessments consist mainly of manual code reviews by experts, which have the disadvantage of being very difficult and time-consuming. There is therefore a need for automated analysis in this area. The objective of our work is to develop a tool that assists experts in this work and helps them find errors (and bugs) that may lead to a security breach in software code. Our approach to uncovering software vulnerabilities relies on formal hardware/software co-analysis.
We start from the premise that security threats in systems are not limited to the software alone: vulnerabilities may arise from hardware/software interaction or from the hardware itself. To clarify the issues and how the tool works, an example of Java code is given in Listing 1. The idea is that the content of the variable secret must not be known to the outside world (it is a secret, as its name says). But, as can be observed experimentally, running this code on a machine equipped with an Intel® Core™ i5-8300H 2.3 GHz processor ends up revealing the secret to the outside. Upon closer inspection of the cause of this unexpected and undesirable result, it becomes clear that the leakage is due to a combination of factors, including improper exception handling and the intrinsic characteristics of the execution environment. Of course, an unknown party may exploit such situations to obtain sensitive or confidential information. In this example the vulnerability is easy to find, but experts who analyse programs are faced with source code of several thousand lines or more, so it is not possible to find by hand all the vulnerabilities that can be exploited under real-world conditions. In addition, it requires the experts to be aware of all types of improper error handling and their impact on a program. In previous work, we presented an approach that can help programmers prevent weaknesses resulting from potential flaws in C programs, particularly those due to arithmetic operations going out of memory space [15], [16]. The advocated approach for detecting vulnerabilities in a program is

¹ Centre d'évaluation de la sécurité des technologies de l'information agréé par l'ANSSI
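As an added example (not the paper's tool and not its Listing 1), the following Python model illustrates the kind of timing check the abstract describes, applied to the exception-handling leak discussed above: an assumed per-operation cost table stands in for the target architecture, and a brute-force enumeration of a small secret domain stands in for the SMT query. All function names, cost values and the secret domain are constructed for this illustration.

```python
from itertools import product

# Assumed cost model for the target architecture (abstract cycle counts,
# constructed for this example, not measured on any real processor).
COST = {"cmp": 1, "throw": 40, "catch": 10, "ret": 1}

class Clock:
    """Accumulates the cost of every operation the checked program performs."""
    def __init__(self):
        self.cycles = 0
    def op(self, name):
        self.cycles += COST[name]

def leaky_check(secret, guess, clk):
    """Throws on the first mismatching byte: both the number of compares and
    the expensive throw/catch path depend on how much of the secret matches."""
    try:
        for s, g in zip(secret, guess):
            clk.op("cmp")
            if s != g:
                clk.op("throw")
                raise ValueError("mismatch")
        clk.op("ret")
        return True
    except ValueError:
        clk.op("catch")
        return False

def constant_time_check(secret, guess, clk):
    """Compares every byte and keeps exceptions off every secret-dependent path."""
    diff = 0
    for s, g in zip(secret, guess):
        clk.op("cmp")
        diff |= s ^ g
    clk.op("ret")
    return diff == 0

def observable_times(check, guess, secret_domain):
    """Set of execution times seen while the secret ranges over secret_domain
    with the public input fixed; more than one value means timing leaks."""
    times = set()
    for secret in secret_domain:
        clk = Clock()
        check(secret, guess, clk)
        times.add(clk.cycles)
    return times

# Constructed secret domain: every 3-byte secret over the alphabet {0, 1}.
SECRETS = [bytes(p) for p in product(range(2), repeat=3)]
```

With the all-zero guess, `observable_times(leaky_check, ...)` returns four distinct times (one per length of matching prefix), while the constant-time variant returns a single value, which is the non-interference condition a solver-based check would establish symbolically.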