{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:06:47Z","timestamp":1750309607186,"version":"3.41.0"},"reference-count":55,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA2","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1956032,CNS-1942851,CNS-2207197,CNS-1652790,CNS-1801534"],"award-info":[{"award-number":["CNS-1956032,CNS-1942851,CNS-2207197,CNS-1652790,CNS-1801534"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2023,10,16]]},"abstract":"Cache side-channel attacks leverage secret-dependent footprints in CPU cache to steal confidential information, such as encryption keys. Due to the lack of a proper abstraction for reasoning about cache side channels, existing static program analysis tools that can quantify or mitigate cache side channels are built on very different kinds of abstractions. As a consequence, it is hard to bridge advances in quantification and mitigation research. Moreover, existing abstractions lead to imprecise results. In this paper, we present a novel abstraction, called differential set, for analyzing cache side channels at compile time. A distinguishing feature of differential sets is that it allows compositional and precise reasoning about cache side channels. Moreover, it is the first abstraction that carries sufficient information for both side channel quantification and mitigation. Based on this new abstraction, we develop a static analysis tool DSA that automatically quantifies and mitigates cache side channel leakage at the same time. Experimental evaluation on a set of commonly used benchmarks shows that DSA can produce more precise leakage bound as well as mitigated code with fewer memory footprints, when compared with state-of-the-art tools that only quantify or mitigate cache side channel leakage.<\/jats:p>","DOI":"10.1145\/3622850","type":"journal-article","created":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T15:41:29Z","timestamp":1697470889000},"page":"1470-1498","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Quantifying and Mitigating Cache Side Channel Leakage with Differential Set"],"prefix":"10.1145","volume":"7","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-0842-4697","authenticated-orcid":false,"given":"Cong","family":"Ma","sequence":"first","affiliation":[{"name":"University of Waterloo, Waterloo, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0741-5511","authenticated-orcid":false,"given":"Dinghao","family":"Wu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6109-6091","authenticated-orcid":false,"given":"Gang","family":"Tan","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9940-9951","authenticated-orcid":false,"given":"Mahmut Taylan","family":"Kandemir","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1942-6872","authenticated-orcid":false,"given":"Danfeng","family":"Zhang","sequence":"additional","affiliation":[{"name":"Duke University, Durham, USA \/ Pennsylvania State University, State College, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2007.16"},{"key":"e_1_2_1_2_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Almeida Jos\u00e9 Bacelar","year":"2016","unstructured":"Jos\u00e9 Bacelar Almeida , Manuel Barbosa , Gilles Barthe , Fran\u00e7ois Dupressoir , and Michael Emmi . 2016 . Verifying constant-time implementations . In 25th USENIX Security Symposium (USENIX Security 16) . 53\u201370. Jos\u00e9 Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Fran\u00e7ois Dupressoir, and Michael Emmi. 2016. Verifying constant-time implementations. In 25th USENIX Security Symposium (USENIX Security 16). 53\u201370."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062378"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-Companion52605.2021.00110"},{"key":"e_1_2_1_5_1","unstructured":"Eli Bendersky. 2022. pysparser. https:\/\/github.com\/eliben\/pycparser. https:\/\/github.com\/eliben\/pycparser \t\t\t\t Eli Bendersky. 2022. pysparser. https:\/\/github.com\/eliben\/pycparser. https:\/\/github.com\/eliben\/pycparser"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/11894063_16"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484583"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 11th USENIX Conference on Offensive Technologies (WOOT\u201917)","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser , Urs M\u00fcller , Alexandra Dmitrienko , Kari Kostiainen , Srdjan Capkun , and Ahmad-Reza Sadeghi . 2017 . Software Grand Exposure: SGX Cache Attacks Are Practical . In Proceedings of the 11th USENIX Conference on Offensive Technologies (WOOT\u201917) . 11\u201311. Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX Cache Attacks Are Practical. In Proceedings of the 11th USENIX Conference on Offensive Technologies (WOOT\u201917). 11\u201311."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00022"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485506"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3385970"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314605"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134058"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24730-2_15"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.19"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00074"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_2_1_18_1","volume-title":"CacheAudit: A Tool for the Static Analysis of Cache Side Channels. In 22nd USENIX Security Symposium (USENIX Security 13)","author":"Doychev Goran","year":"2013","unstructured":"Goran Doychev , Dominik Feld , Boris Kopf , Laurent Mauborgne , and Jan Reineke . 2013 . CacheAudit: A Tool for the Static Analysis of Cache Side Channels. In 22nd USENIX Security Symposium (USENIX Security 13) . USENIX Association, Washington, D.C.. 431\u2013446. isbn:978-1-93 1971-03-4 https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/doychev Goran Doychev, Dominik Feld, Boris Kopf, Laurent Mauborgne, and Jan Reineke. 2013. CacheAudit: A Tool for the Static Analysis of Cache Side Channels. In 22nd USENIX Security Symposium (USENIX Security 13). USENIX Association, Washington, D.C.. 431\u2013446. isbn:978-1-931971-03-4 https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/doychev"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062388"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352606"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065915"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.22"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2014.103"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516712"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2002.1021804"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.8418984"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_14"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1554339.1554349"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464817"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.34"},{"key":"e_1_2_1_33_1","unstructured":"Colin Percival. 2005. Cache missing for fun and profit. In BSDCan. \t\t\t\t Colin Percival. 2005. Cache missing for fun and profit. In BSDCan."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2017.8"},{"key":"e_1_2_1_35_1","volume-title":"Raccoon: Closing digital side-channels through obfuscated execution. In 24th $USENIX$ Security Symposium ($USENIX$ Security 15). 431\u2013446.","author":"Rane Ashay","year":"2015","unstructured":"Ashay Rane , Calvin Lin , and Mohit Tiwari . 2015 . Raccoon: Closing digital side-channels through obfuscated execution. In 24th $USENIX$ Security Symposium ($USENIX$ Security 15). 431\u2013446. Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing digital side-channels through obfuscated execution. In 24th $USENIX$ Security Symposium ($USENIX$ Security 15). 431\u2013446."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653687"},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the 6th USENIX Workshop on Offensive Technologies (WOOT). 34\u201340","author":"Schmitt Isabell","year":"2012","unstructured":"Isabell Schmitt and Sebastian Schinzel . 2012 . WAFFle: Fingerprinting Filter Rules of Web Application Firewalls . In Proceedings of the 6th USENIX Workshop on Offensive Technologies (WOOT). 34\u201340 . Isabell Schmitt and Sebastian Schinzel. 2012. WAFFle: Fingerprinting Filter Rules of Web Application Firewalls. In Proceedings of the 6th USENIX Workshop on Offensive Technologies (WOOT). 34\u201340."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_1"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00596-1_21"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-53288-8_22"},{"key":"e_1_2_1_41_1","unstructured":"2017. DARPA space\/time analysis for cybersecurity (STAC) program. http:\/\/www.darpa.mil\/program\/ space-time-analysis-for-cybersecurity. http:\/\/www.darpa.mil\/program\/ space-time-analysis-for-cybersecurity \t\t\t\t 2017. DARPA space\/time analysis for cybersecurity (STAC) program. http:\/\/www.darpa.mil\/program\/ space-time-analysis-for-cybersecurity. http:\/\/www.darpa.mil\/program\/ space-time-analysis-for-cybersecurity"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3177872"},{"key":"e_1_2_1_43_1","unstructured":"Paul Stone. 2013. Pixel Perfect Timing Attacks with HTML5. https:\/\/www.contextis.com\/media\/downloads\/Pixel_Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf \t\t\t\t Paul Stone. 2013. Pixel Perfect Timing Attacks with HTML5. https:\/\/www.contextis.com\/media\/downloads\/Pixel_Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-009-9049-y"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152706"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813632"},{"key":"e_1_2_1_47_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Wang Shuai","year":"2019","unstructured":"Shuai Wang , Yuyan Bao , Xiao Liu , Pei Wang , Danfeng Zhang , and Dinghao Wu . 2019 . Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation . In 28th USENIX Security Symposium (USENIX Security 19) . 657\u2013674. Shuai Wang, Yuyan Bao, Xiao Liu, Pei Wang, Danfeng Zhang, and Dinghao Wu. 2019. Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation. In 28th USENIX Security Symposium (USENIX Security 19). 657\u2013674."},{"key":"e_1_2_1_48_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security 17)","author":"Wang Shuai","year":"2017","unstructured":"Shuai Wang , Pei Wang , Xiao Liu , Danfeng Zhang , and Dinghao Wu . 2017 . CacheD: Identifying Cache-Based Timing Channels in Production Software . In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association, Vancouver, BC, Canada. 235\u2013252. Shuai Wang, Pei Wang, Xiao Liu, Danfeng Zhang, and Dinghao Wu. 2017. CacheD: Identifying Cache-Based Timing Channels in Production Software. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, Canada. 235\u2013252."},{"key":"e_1_2_1_49_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Weiser Samuel","year":"2018","unstructured":"Samuel Weiser , Andreas Zankl , Raphael Spreitzer , Katja Miller , Stefan Mangard , and Georg Sigl . 2018 . DATA\u2013Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries . In 27th USENIX Security Symposium (USENIX Security 18) . 603\u2013620. Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, and Georg Sigl. 2018. DATA\u2013Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. In 27th USENIX Security Symposium (USENIX Security 18). 603\u2013620."},{"volume-title":"Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 159\u2013173.","author":"Wu Zhenyu","key":"e_1_2_1_50_1","unstructured":"Zhenyu Wu , Zhang Xu , and Haining Wang . 2012. Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud . In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 159\u2013173. Zhenyu Wu, Zhang Xu, and Haining Wang. 2012. Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud. In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 159\u2013173."},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134016"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046670"},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of the 23rd USENIX Conference on Security Symposium (SEC\u201914)","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner . 2014 . FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack . In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC\u201914) . USENIX Association, USA. 719\u2013732. isbn:978 1931971157 Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC\u201914). USENIX Association, USA. 719\u2013732. isbn:9781931971157"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-017-0152-y"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382230"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622850","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3622850","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:57:27Z","timestamp":1750298247000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3622850"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":55,"journal-issue":{"issue":"OOPSLA2","published-print":{"date-parts":[[2023,10,16]]}},"alternative-id":["10.1145\/3622850"],"URL":"https:\/\/doi.org\/10.1145\/3622850","relation":{},"ISSN":["2475-1421"],"issn-type":[{"type":"electronic","value":"2475-1421"}],"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}