CN115329346B

CN115329346B - Method and device for detecting side channel loophole

Info

Publication number: CN115329346B
Application number: CN202211226920.6A
Authority: CN
Inventors: 张殷乾; 闫守孟; 邓森; 汤怡宁
Original assignee: Alipay Hangzhou Information Technology Co Ltd; Southwest University of Science and Technology
Current assignee: Alipay Hangzhou Information Technology Co Ltd; Southwest University of Science and Technology
Priority date: 2022-10-09
Filing date: 2022-10-09
Publication date: 2023-03-24
Anticipated expiration: 2042-10-09
Also published as: CN115329346A

Abstract

The present specification provides a method and apparatus for detecting side channel vulnerabilities. Wherein the method comprises the following steps: performing dynamic taint analysis on software to be processed to obtain a taint function used for processing taint data associated with secret information in the software to be processed; performing symbolic execution on any taint function, and detecting whether two write-in parameters respectively corresponding to a pair of memory write instructions meet constraint conditions or not under the condition that any taint function is determined to comprise a pair of memory write instructions aiming at the same memory address and the write-in parameter corresponding to at least one memory write instruction in the pair of memory write instructions comprises a taint symbol related to taint data, wherein the constraint conditions comprise: the two write parameters are equal under the first symbol value condition and are not equal under the second symbol value condition; and under the condition that the two write-in parameters meet the constraint condition, determining a pair of memory write instructions as side channel bugs existing in the software to be processed.

Description

Method and device for detecting side channel loophole

Technical Field

The embodiment of the specification belongs to the technical field of computers, and particularly relates to a method and a device for detecting side channel bugs.

Background

A Trusted Execution Environment (TEE) is a secure area within the CPU that runs in a separate Environment and in parallel with the operating system. With the help of a hardware trust root and a flash memory encryption engine, the TEE can provide an isolated environment for data processing, and confidentiality and integrity of a program running in the TEE are guaranteed.

Memory encryption is the main means of TEE to protect memory data, and it can effectively prevent an attacker from directly obtaining secret information in TEE by accessing memory content at software level or physical level, however, TEEs supporting large-scale encrypted memories, such as AMD SEV and Intel SGX, all use AES (Advanced encryption standard) encryption with deterministic block-based operation mode, and in this design mode, the same plaintext block at the same physical address is always encrypted to the same ciphertext block, which results in side channel hole. When secret information is stored at a fixed physical address, an attacker with ciphertext reading rights may be able to recover some plaintext information from the encrypted memory, resulting in leakage of the secret information in the TEE.

Disclosure of Invention

The invention aims to provide a method and a device for detecting side channel loopholes.

According to a first aspect of one or more embodiments of the present specification, a method for detecting side channel bugs is provided, including:

performing dynamic taint analysis on software to be processed to obtain a taint function used for processing taint data associated with secret information in the software to be processed;

performing symbolic execution on any taint function, and detecting whether two write-in parameters respectively corresponding to a pair of memory write instructions meet constraint conditions or not under the condition that the taint function is determined to comprise a pair of memory write instructions aiming at the same memory address and the write-in parameter corresponding to at least one memory write instruction in the pair of memory write instructions comprises a taint symbol related to taint data, wherein the constraint conditions comprise: the two write parameters are equal under the condition of a first symbol value and are not equal under the condition of a second symbol value;

and under the condition that the two write-in parameters meet the constraint condition, determining the pair of memory write-in instructions as side channel bugs existing in the software to be processed.

According to a second aspect of one or more embodiments of the present specification, there is provided an apparatus for detecting a side channel vulnerability, including:

the dynamic taint analysis unit is used for carrying out dynamic taint analysis on the software to be processed to obtain a taint function used for processing taint data associated with secret information in the software to be processed;

a symbolic execution unit, configured to perform symbolic execution on any taint function, and detect whether two write parameters corresponding to each of a pair of memory write instructions satisfy a constraint condition when it is determined that the taint function includes a pair of memory write instructions for a same memory address and a write parameter corresponding to at least one of the pair of memory write instructions includes a taint symbol related to taint data, where the constraint condition includes: the two write parameters are equal under the condition of a first symbol value and are not equal under the condition of a second symbol value;

and the vulnerability determining unit is used for determining the pair of memory writing instructions as side channel vulnerabilities existing in the software to be processed under the condition that the two writing parameters meet the constraint conditions.

According to a third aspect of one or more embodiments of the present specification, there is provided an electronic device comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor implements the method of any of the first aspects by executing the executable instructions.

According to a fourth aspect of one or more embodiments of the present description, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to any one of the first aspect.

The embodiment of the specification designs a hybrid analysis scheme for detecting the side channel bug existing in the software to be processed, and the hybrid analysis scheme comprises the steps of firstly tracking the use condition of secret information in the whole software to be processed through dynamic taint analysis to obtain at least one taint function, then performing static symbolic execution on each taint function, and determining an instruction meeting constraint conditions as the side channel bug existing in the software to be processed. The embodiment of the specification actually defines a novel side channel vulnerability, namely two write instructions aiming at the same memory address may be equal or unequal under different value conditions, so that an attacker with ciphertext reading permission can reversely deduce the plaintext of related taint data running in the software to be processed by observing the encrypted memory write-in behavior, and the embodiment of the specification judges whether any taint function contains a pair of memory write instructions aiming at the same memory address and relating to writing taint symbols, and sets the constraint conditions that the two write parameters are equal under a first symbol value condition and unequal under a second symbol value condition, so that the novel side channel vulnerability can be detected; meanwhile, compared with a method for detecting side channel bugs in the related art, the embodiment of the specification provides the mixed analysis scheme for the first time, and the embodiment of the specification can more comprehensively analyze the side channel bugs existing in the software to be processed by combining dynamic taint analysis and static symbol execution.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and it is obvious for a person skilled in the art to obtain other drawings based on these drawings without inventive labor.

Fig. 1 is a flowchart of a method for detecting side channel vulnerabilities according to an exemplary embodiment.

Fig. 2 is a schematic structural diagram of an apparatus according to an exemplary embodiment.

Fig. 3 is a block diagram of an apparatus for detecting a side channel vulnerability according to an exemplary embodiment.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without making any creative effort shall fall within the protection scope of the present specification.

Referring to fig. 1, fig. 1 is a flowchart illustrating a method for detecting side channel vulnerabilities according to an exemplary embodiment. As shown in fig. 1, the method includes:

s102: and performing dynamic taint analysis on the software to be processed to obtain a taint function used for processing taint data associated with secret information in the software to be processed.

In the related art, the taint analysis can be abstracted into a form of a triple < sources, sinks, sanizers >, wherein the sources, i.e. the taint source, represents the direct introduction of untrusted data or confidential data into the software to be processed; sink, i.e. taint point of convergence, represents directly generating security sensitive operations (violating data integrity) or revealing private data to the outside (violating data confidentiality); the sanitizer is harmless treatment and represents that data transmission does not harm information safety of software to be treated by means of data encryption or harm removing operation and the like. The taint analysis is to analyze whether data introduced by a taint source in software to be processed can be directly transmitted to a taint gathering point without harmless treatment. If not, the information flow in the software to be processed is safe; otherwise, the security problems such as privacy data leakage or dangerous data operation and the like of the software to be processed are explained.

Taint analysis can be divided into static taint analysis and dynamic taint analysis according to whether to actually run the software to be processed. The static taint analysis is to detect whether data can be transmitted from a taint source to a taint gathering point or not by analyzing the data dependency relationship among program variables on the premise of not running and not modifying the codes of software to be processed; the dynamic taint analysis means that whether data can be transmitted from a taint source to a taint gathering point or not is detected by monitoring the spread of taint data of software to be processed in the software to be processed in real time in the program running process.

In an embodiment of the present specification, the performing dynamic taint analysis on software to be processed includes:

triggering and executing the software to be processed by utilizing a pre-constructed input parameter, and carrying out dynamic taint analysis on the software to be processed in the executing process through a dynamic taint analysis model; the taint source corresponding to the dynamic taint analysis comprises the secret information, and the taint gathering point corresponding to the dynamic taint analysis comprises input parameters corresponding to any function in the software to be processed, return values of other called functions and reading parameters corresponding to a memory reading instruction contained in the input parameters;

and under the condition that any taint point of convergence contains the taint data, determining a function where the taint point of convergence is located as a taint function used for processing the taint data in the software to be processed.

In the embodiment of the present specification, by performing dynamic taint analysis on software to be processed, at least one taint function included in the software to be processed can be determined, and the taint functions form a set, which is called a taint function set. The taint function included in the taint function set specifically refers to a function for directly or indirectly processing taint data associated with secret information in the software to be processed, wherein the taint data refers to data introduced by a taint source or data associated with the taint source, and since the taint source is set as the secret information in the software to be processed in the embodiment of the present specification, the taint data referred to in the embodiment of the present specification refers to data associated with the secret information, such as the secret information itself or secret associated information obtained by spreading the secret information through an explicit or implicit information stream.

The software to be processed according to the embodiments of the present disclosure may theoretically include any program software, which may be complete production-type encryption software, such as OpenSSL (Open Secure Sockets Layer), mbedTLS (an Open source, portable, easy-to-use, and highly code-readable SSL library), and WolfSSL (a lightweight SSL library), or a part of a cryptographic library (a part of an encryption program in the encryption software) corresponding to different encryption algorithms in the encryption software, such as ECDSA (Elliptic Curve Digital Signature Algorithm), RSA (rivetmiradleman, public key encryption Algorithm), and ECDH (Elliptic Curve customer-Hellman key Exchange). In the case that the to-be-processed software is complete or partial encryption software, the secret information in the to-be-processed software according to the embodiments of the present specification may include a user key for encryption and decryption in the encryption software.

Since the taint point is set as the input parameter corresponding to any function in the software to be processed, the return value of other functions called by the taint point and the read parameter corresponding to the memory read instruction contained in the taint point, and the taint function is determined by the position of the taint point where the taint point data is detected in the software to be processed, any taint function determined in the embodiments of the present description at least meets one of the following conditions: (1) any input parameter of the function contains taint data; (2) the return values of other functions called by the function contain taint data; (3) the function loads the dirty data from memory.

The dynamic taint analysis model according to the embodiments of the present specification includes some existing path-based side-channel vulnerability detection tools, such as DFSan (dataflowsaizer, a dynamic dataflow analysis tool). The source code of the software to be processed is input into the dynamic taint analysis model so as to determine the object of dynamic taint analysis, and meanwhile, the software to be processed is triggered and executed by utilizing the pre-constructed input parameters aiming at the software to be processed (different input parameters are repeatedly input to trigger and execute the software to be processed for multiple times), so that the dynamic taint analysis model can analyze the condition of each information flow of the software to be processed in the execution state. For the side channel vulnerability detection tool, good input parameters aiming at the software to be processed can cover the main steps of the software to be processed, for example, in the case that the software to be processed is encrypted software, the analysis process can cover the main steps of encryption and decryption (involving encryption and decryption by using a user key as secret information). In the process of utilizing DFsan to carry out dynamic taint analysis, explicit information flow and implicit information flow can be tracked simultaneously, and taint propagation among functions is considered, so that polluted paths are screened as comprehensively as possible to determine taint functions which can generate side channel bugs.

S104: performing symbolic execution on any taint function, and under the condition that any taint function is determined to comprise a pair of memory write instructions aiming at the same memory address, and write-in parameters corresponding to at least one memory write instruction in the pair of memory write instructions comprise taint symbols related to taint data, detecting whether two write-in parameters respectively corresponding to the pair of memory write instructions meet constraint conditions, wherein the constraint conditions comprise: the two write parameters are equal under the first symbol value condition and are not equal under the second symbol value condition.

In computer science, symbolic execution technology refers to a method for determining which input vectors correspond to a vector that results in the execution of a program by a program analysis method. The symbolic execution technique is a white-box static analysis technique. That is, possible inputs to the parser require support that can be obtained to the target source code. At the same time, it is static in that there is no actual execution program itself, but rather the execution path of the program is analyzed. The key idea of symbolic execution is to change an input parameter to a symbolic value, and then the other parameters related to the input parameter during program execution are an expression with the symbolic value.

Symbolic execution maintains two variables globally. One is the symbol state, which represents a mapping from variables to symbolic expressions. The second is symbolized path constraint, which is a first order formulation without quantifier, and is used to express path conditions. At the beginning of symbol execution, the symbol state is initialized to an empty map and the symbolic path constraint is initialized to true. The symbol states and path constraints are continuously updated during symbol execution. At the end of symbol execution, the path constraint under the current path is solved by a constraint solver to generate the actual input values of the symbols in the symbol state. If the actual input value is executed by a program, the path explored in the symbol execution process, namely the path represented by the formula of the path constraint at the moment, is taken.

After a taint function set is obtained by performing dynamic taint analysis on software to be processed, symbolic execution can be performed on any taint function included in the taint function set so as to detect side channel bugs possibly existing in any taint function (including a function called by any taint function). Of course, symbolic execution may be performed on each taint function included in the taint function set one by one, so as to achieve comprehensive detection of all taint functions related to the software to be processed, thereby detecting possible side channel bugs as comprehensively as possible.

In an embodiment of the present specification, the performing symbolic execution on any taint function includes:

expressing the taint parameters containing the taint data in any taint function by using taint symbols according to the result of the dynamic taint analysis, and expressing the non-taint parameters not containing the taint data in any taint function by using non-taint symbols;

performing the arbitrary taint function using taint symbols and non-taint symbols.

Since the taint data are marked in the dynamic taint analysis stage, and the taint data can be input parameters of a function, data loaded from a memory or return values of a function call point, parameters (namely taint parameters) polluted in any taint function can be determined and obtained through the result of the dynamic taint analysis, specifically, parameters containing taint data in any taint function are determined as taint parameters, and parameters not containing taint data are determined as non-taint parameters. In the symbolic execution phase, the taint parameters in any taint function can be represented using a newly created taint symbol, while those parameters that are temporarily unknown or non-taint parameters are represented using another non-taint symbol that is distinct from the taint symbol. It should be noted that the dirty symbol and the non-dirty symbol are regarded as an attribute represented by a symbol corresponding to a parameter, but not as a determined value or symbol, and although different dirty parameters are represented by dirty symbols, specific dirty symbols corresponding to different dirty parameters are still different, for example, a dirty symbol is denoted by "k", specific dirty symbols corresponding to different dirty parameters are denoted by "k1, k2, k3 … …", a non-dirty symbol is denoted by "s", and specific dirty symbols corresponding to different non-dirty parameters are denoted by "s1, s2, s3 … …".

As described above, a global variable symbol state is maintained in the process of symbol execution, if a new parameter occurs during execution of a certain instruction, we first check whether the value of the parameter depends on other parameters that have occurred in the symbol state, and if so, represent the new parameter by a symbol expression corresponding to the parameter that has occurred; if the value of the parameter does not depend on other parameters which appear (namely the parameter appears for the first time), a new symbol is given to the parameter according to the attribute of whether the parameter is polluted or not for representing the parameter. Meanwhile, in the process of executing the symbol, an instance corresponding to entering different branch paths is also created when the program faces a branch (for example, the program is executed to an if statement), and path constraints relied on under the current path are recorded (namely, the current path can be entered when the value conditions of each parameter in the current symbol state are the same).

In this embodiment of the present specification, by performing symbolic execution on any taint function and analyzing each path, it can be determined whether any taint function includes a pair of memory write instructions that meet requirements. The taint function referred to in this embodiment may be an assembly function, specifically, an assembly function obtained by performing decompiling (for example, using an angr tool) on a corresponding function in the source code of the program to be processed.

In an embodiment of the present specification, the performing of the any taint function using taint symbols and non-taint symbols comprises:

and executing the instructions included by any taint function one by using taint symbols and non-taint symbols, and updating a first write-in parameter corresponding to any memory write-in instruction as a latest write-in parameter corresponding to a first memory address aimed at by any memory write-in instruction to a memory write-in table in the process of executing any memory write-in instruction, wherein the memory write-in table includes the latest write-in parameter corresponding to each memory address.

In the embodiment of the present specification, a continuously updated memory write table is maintained in the process of executing the symbol execution, where the memory write table records an instruction position, a written memory address, and a write parameter corresponding to each memory write instruction included in the taint function before the current instruction position in the process of executing the symbol. Specifically, the memory write table maintains a latest memory write instruction and a corresponding latest write parameter for each memory address, where the latest memory write instruction corresponding to any memory address is a memory write instruction for the memory address that is before and closest to the current instruction position, and the latest write parameter is a write parameter corresponding to the latest memory write instruction. In order to construct the memory write table, in the embodiment of the present specification, after any memory write instruction (which is considered to be sequentially detected but not actually executed) is executed in a process of executing a symbol, a first memory address and a first write parameter corresponding to the any memory write instruction are obtained through detection, and a latest memory write instruction corresponding to the first memory address is found in the memory write table based on the first memory address, where, of course, a result of the finding may also be that the latest memory write instruction corresponding to the first memory address does not exist temporarily, and regardless of a result of the finding, the any memory write instruction is updated to the latest memory write instruction corresponding to the first memory address in the latest memory write table, and meanwhile, the first write parameter is recorded as the latest write parameter corresponding to the first memory address, and an instruction position corresponding to the latest memory write instruction is recorded.

In an embodiment of the present specification, before updating the first write parameter to the memory write table, the method further includes:

searching in the memory write-in table to obtain the latest write-in parameter corresponding to the first memory address;

and under the condition that the first write parameter and/or the latest write parameter corresponding to the first memory address contain/contains a dirty symbol, determining that any dirty function contains a pair of memory write instructions aiming at the same memory address, and the write parameter corresponding to at least one memory write instruction in the pair of memory write instructions contains/contains the dirty symbol.

In this embodiment of the present specification, a final purpose of the symbol execution is to detect whether there is a pair of memory write instructions for a same memory address in any one of the taint functions, and meanwhile, a write parameter corresponding to at least one memory write instruction in the pair of memory write instructions includes a taint symbol (that is, the write parameter is a symbolic expression including the taint symbol in the symbol execution process). Specifically, if the to-be-processed software is run in the trusted execution environment, under the action of the memory encryption engine of the trusted execution environment, data actually written into the memory when the to-be-processed software is run is in a ciphertext state, so an attacker with ciphertext reading authority cannot obtain any information by directly reading the memory, but if the attacker finds out a certain memory address through analysis in advance that a novel side channel hole related to the embodiment of the present specification exists, the attacker can continuously observe whether a continuous writing behavior occurs to the memory address. If the ciphertexts written by the continuous writing behaviors are the same, an attacker can directly deduce that the plaintext corresponding to the ciphertexts written at this time is the original written data (the writing parameters of the memory writing instruction) which is tested in advance and causes the phenomenon of 'continuously writing the same data in the same memory'; or, if the ciphertexts written by the continuous writing behaviors are different, the attacker can directly deduce that the plaintext corresponding to the ciphertexts written at this time is the original written data which is tested in advance and causes the phenomenon of 'continuously writing different data in the same memory'. And because the original write data is related to the secret information in the software to be processed, an attacker can indirectly deduce the secret information through the side channel vulnerability.

It can be seen that the generation of the side channel hole depends on: (1) a pair of memory write commands for the same memory address; (2) Write parameters corresponding to at least one memory write instruction in the pair of memory write instructions are related to secret information; (3) The pair of memory write instructions presents the phenomenon that the written values may be equal or unequal under different initial conditions of the operation of the software to be processed.

The above symbol execution consists in detecting the above-mentioned conditions (1) and (2). Specifically, when any memory write instruction is executed without updating the memory write table, whether a latest write parameter corresponding to a first memory address targeted by the any memory write instruction is recorded in the memory write table in advance is checked, if yes, the dependency condition (1) is met, and at the moment, the latest write parameter corresponding to the any memory write instruction and the first memory address forms the pair of memory write instructions which need to be detected; and simultaneously detecting whether at least one of the first write-in parameters corresponding to any memory write address and the latest write-in parameters corresponding to the first memory address contains a taint symbol, and if at least one of the parameters contains the taint symbol, indicating that the dependency condition (2) is met. After determining that the first memory address is obtained, the memory address (due to the possibility of multiple aliases for the same memory address) targeted by the latest memory write instruction having syntax equivalence with the first memory address may be checked in the memory write table to determine whether the memory write table already contains the latest memory write instruction corresponding to the first memory address.

In this embodiment, the side channel bug is generated further depending on that the pair of memory write instructions must be consecutive in all memory write instructions for the same memory address, that is, there is no other memory write instruction for the same memory address between the pair of memory write instructions in any taint function. Because in this case, the attacker can observe the phenomenon of "continuously writing the same data in the same memory" or "continuously writing different data in the same memory". Through the maintenance and update mechanism of the memory write-in table, only one latest memory write instruction and the latest write parameter corresponding to the latest memory write instruction are maintained for each memory address in the memory write-in table, so that it can be ensured that any memory write instruction of the pair of memory write instructions and the latest write parameter corresponding to the first memory address are continuous in all memory write instructions for the first memory address, that is, in any taint function, no other memory write instruction for the first memory address exists between any memory write instruction and the latest write parameter corresponding to the first memory address.

In this embodiment of the present specification, the updating, to the memory write table, the first write parameter corresponding to the any memory write instruction as a latest write parameter corresponding to the first memory address targeted by the any memory write instruction includes:

and under the condition that the first write-in parameter comprises a dirty symbol, updating the first write-in parameter to the memory write-in table as a latest write-in parameter corresponding to the first memory address.

In this embodiment of the present specification, an update rule of the memory write table is limited, so that only when a first write parameter corresponding to any one of the memory write instructions includes a dirty symbol, the memory write instruction is updated to a latest memory write instruction corresponding to the first memory address and is recorded in the memory write table, and at the same time, the first write parameter is updated to a latest write parameter corresponding to the first memory address and is recorded in the memory write table. In this embodiment of the present disclosure, it may be ensured that the latest write parameters corresponding to any memory address in the memory write table all relate to a dirty symbol, and therefore, when it is determined whether the dependency conditions (1) and (2) are satisfied, it may be determined that any dirty function includes a pair of memory write instructions for the same memory address and the write parameter corresponding to at least one memory write instruction in the pair of memory write instructions includes a dirty symbol only under the condition that the latest write parameter corresponding to the first memory address is obtained by searching in the memory write table, and it is not necessary to repeatedly determine whether the first write parameter and/or the latest write parameter corresponding to the first memory address includes a dirty symbol, so that the time for detecting the pair of memory write instructions satisfying the dependency conditions (1) and (2) in symbol execution is shortened.

and executing instructions included by any taint function one by using taint symbols and non-taint symbols, maintaining and updating a symbol state corresponding to any taint function and a path constraint obtained based on the symbol state in the executing process, wherein the symbol state comprises symbol expressions of parameters currently involved in any taint function after the current instruction is executed, the path constraint comprises a symbol value condition required by the current instruction, and the constraint condition further comprises the path constraint.

As previously described, during symbolic execution of any of the taint functions, corresponding symbolic states are maintained and path constraints are derived based on the symbolic states. The symbolic state maintains the symbolic expressions of the currently defined parameters according to the execution progress of the current symbol, the path constraint is essentially a symbol value condition required for executing any one taint function to the current instruction position, and the symbol value condition is the range limitation of the initial values of the symbols of at least part of the parameters in the current symbolic state. The path constraint can be added into a constraint condition, so that the first symbol value condition and the second symbol value condition obtained by final solution meet the path constraint, thereby ensuring that the phenomenon of continuously writing the same data in the same memory under the first symbol value condition or the phenomenon of continuously writing different data in the same memory under the second symbol value condition can actually occur when any taint function is actually executed, and improving the accuracy of side channel bugs obtained by detection.

In this embodiment of the present specification, any symbol value condition includes an initial value of a symbol used to represent at least part of parameters in any taint function. When the actual value is used to replace the symbol to be brought into execution of any one of the taint functions, a corresponding result can be achieved theoretically, that is, a result of continuously writing the same data in the same memory can be obtained by actually executing any one of the taint functions under the condition of a first symbol value, or a result of continuously writing different data in the same memory can be obtained by actually executing any one of the taint functions under the condition of a second symbol value. All parameters involved in any taint function need not be constrained to achieve the corresponding result, and some of the parameters are dependent parameters (i.e., parameters whose values depend on other parameters) and no additional assignment is needed, because dependent parameters can be explicitly calculated in the execution process, so that only initial values need to be given to parameters that are not dependent (i.e., parameters whose values do not depend on other parameters).

S106: and under the condition that the two write-in parameters meet the constraint condition, determining the pair of memory write-in instructions as side channel bugs existing in the software to be processed.

As described above, a pair of memory write instructions satisfying the above-described dependency conditions (1) and (2) can be determined by symbolic execution, but satisfying only the dependency conditions (1) and (2) does not necessarily constitute a side channel hole, because: assuming that symbol execution determines that a pair of memory write instructions is i1 and i2, the write parameters corresponding to the memory write instructions are k1 and k2, respectively, and an encrypted write operation of the same memory address a1 to which i1 and i2 are directed is defined as W (), ciphertexts actually written into the memory a1 and k1 after the memory write instructions i1 and i2 are executed in the trusted execution environment are W (k 1) and W (k 2), respectively. If in any case, W (k 1) and W (k 2) actually written into the memory a1 are kept unchanged, an attacker observes that the ciphertext block of a1 is kept unchanged continuously under the continuous writing operation; or, in any case, W (k 1) and W (k 2) actually written to memory are different, then the attacker observes that the ciphertext block at a1 is always random under successive write operations. In both of the above scenarios, the attacker cannot deduce the plaintext information from the ciphertext block, and is therefore secure. Therefore, a scenario with a risk of information leakage can be obtained: the values W (k 1) and W (k 2) written by two consecutive encrypted write operations may be the same or different, i.e. if the pair of memory write instructions need to actually constitute a side channel hole, the pair of memory write instructions also need to satisfy the above-mentioned dependency condition (3).

The above-mentioned dependency condition (3), i.e., the constraint condition, includes: the two write parameters are equal under the first symbol value condition and are not equal under the second symbol value condition. The above constraint can be formally expressed by the following formula:

∃k1，k2，k1′，k2′ ∈K，W(k1)=W(k2)∧W(k1′)≠W(k2′)；

wherein K1 and K2 represent the two writing parameters under the first symbol value condition, K1 'and K2' represent the two writing parameters under the second symbol value condition, K represents the definition domains of the two writing parameters, and Λ represents the and operation simultaneously satisfied by the front and rear expressions. Because W (k 1) and W (k 2) are encrypted write operations for the same memory address, there is a fixed mapping relationship between ciphertext and plaintext in the encryption scenario of the trusted execution environment, that is, the above formula may be further organized as: ∃ K1, K2, K1', K2' is e.g. K, K1= K2 ^ K1'≠ K2';

two write parameters k1 and k2 corresponding to a pair of memory write instructions obtained by knowing any taint function detection through symbolic execution satisfy the following relational expression: k1= m1+1, k2= m1+ m2; where m1, m2 are the two contaminated input parameters of either taint function, respectively (e.g., m1 and m2 are both secret information), v1, v2 are taint symbols representing m1, m2, respectively, and K ∈ {0,1}. Then, by combining the constraint conditions, v1+1= v1+ v2 ^ v1' +1 ≠ v1' + v2' can be obtained, and solving the constraint conditions can obtain that the first symbol dereferencing condition is { v1=1, v2=1}, and the second symbol dereferencing condition is { v1' =0, v2' =0}. It should be noted that there may be multiple solutions for both the first symbol value condition and the second value condition obtained by the above solution, but an attacker may also store multiple solutions in advance, so that the range of the secret information obtained by inference can be greatly reduced. For example, after the attacker obtains the first symbol dereferencing condition and the second symbol dereferencing condition, when the to-be-processed software runs in the TEE next time, if a phenomenon that the same ciphertext is written in the memory address a1 through two continuous write operations is observed, it can be directly inferred that secret information used by the to-be-processed software is respectively m1= v1=1, and m2= v2=1; similarly, if the memory address a1 is observed to have the phenomenon that two consecutive write operations write different ciphertexts, it can be directly inferred that the secret information being used by the software to be processed is m1'= v1' =0, and m2'= v2' =0, respectively.

When it is determined that the two write parameters satisfy the constraint condition, specifically, inputting a symbol expression corresponding to the write parameters into a solver and calculating the satisfiability of the constraint condition. If the solver can calculate to obtain corresponding first symbol value conditions and second symbol value conditions, it indicates that the two write-in parameters meet the constraint conditions, and at this time, the pair of memory write instructions can be determined as side channel bugs existing in the software to be processed, and instruction positions of the pair of memory write addresses are specifically output for debugging by a developer; if the solver outputs no solution, it indicates that the two write parameters do not satisfy the constraint condition, and at this time, it may be determined that the pair of memory write instructions does not constitute the side channel bug.

In the embodiment of this specification, still include:

and under the condition that the two writing parameters meet the constraint condition, outputting a first symbol value taking condition and a second symbol value taking condition. In the embodiment of the present specification, in addition to the position where the corresponding bug instruction is fed back to the developer, a specific symbol value condition that causes a phenomenon of "continuously writing the same data in the same memory" or "continuously writing different data in the same memory" is output, thereby helping the developer to further debug and repair the detected side channel bug.

As described above, the side channel vulnerability existing in the to-be-processed software is specifically the side channel vulnerability generated when the to-be-processed software runs in the trusted execution environment, because the trusted execution environment has a memory encryption mechanism, and plaintext of the same memory address is always mapped to the same ciphertext, which results in that an attacker can use the novel side channel vulnerability mentioned in this specification to ascertain secret information in the to-be-processed software.

In the related art, the method for detecting side channel bugs includes dynamic analysis or static analysis. Although dynamic analysis has expansibility and is suitable for analysis of large-scale software, the problem of missed detection caused by incomplete analysis exists; although the static analysis is relatively comprehensive in analysis, the static analysis has small expandability and is only suitable for analyzing small programs, and the whole program analysis of large-scale software cannot be realized. In the embodiment of the specification, dynamic taint analysis and static symbolic execution are combined for the first time, so that the whole sequence analysis of large software is compatible with the dynamic analysis, a plurality of taint functions are determined, then each taint function is subjected to static analysis, paths which are not covered in the dynamic analysis are supplemented by the static analysis, and the comprehensiveness of the analysis is improved. Therefore, the hybrid analysis scheme provided by the embodiment of the present disclosure overcomes the defects of the related art when dynamic analysis and static analysis are implemented separately as much as possible, and takes the advantages of the dynamic analysis and the static analysis, which is more comprehensive and scalable than the related art.

The embodiment of the specification designs a hybrid analysis scheme for detecting side channel bugs existing in software to be processed, and the hybrid analysis scheme comprises the steps of firstly tracking the use condition of secret information in the whole software to be processed through dynamic taint analysis to obtain at least one taint function, then performing static symbolic execution on each taint function, and determining an instruction meeting a constraint condition as the side channel bugs existing in the software to be processed. The embodiment of the specification actually defines a novel side channel vulnerability, namely two write instructions aiming at the same memory address may be equal or unequal under different value conditions, so that an attacker with ciphertext reading permission can reversely deduce the plaintext of related taint data running in the software to be processed by observing the encrypted memory write-in behavior, and the embodiment of the specification judges whether any taint function contains a pair of memory write instructions aiming at the same memory address and relating to writing taint symbols, and sets the constraint conditions that the two write parameters are equal under a first symbol value condition and unequal under a second symbol value condition, so that the novel side channel vulnerability can be detected; meanwhile, compared with a method for detecting side channel bugs in the related art, the embodiment of the specification provides the mixed analysis scheme for the first time, and the embodiment of the specification can more comprehensively analyze the side channel bugs existing in the software to be processed by combining dynamic taint analysis and static symbol execution.

Optionally, the method further includes:

performing symbolic execution on a first called function under the condition that at least one input parameter corresponding to the first called function repeatedly called by any taint function contains a taint symbol;

and under the condition that the write-in parameter corresponding to the first memory write instruction contained in the first called function contains a taint symbol, determining the first memory write instruction as a side channel bug existing in the software to be processed.

In addition to the intra-function analysis method of performing static symbolic execution on each taint function to detect side channel bugs, the embodiment of the present specification further introduces an inter-function analysis method of detecting side channel bugs. Inter-criteria analysis is almost impossible due to path explosion problems, but can be simplified to achieve a reasonable tradeoff between analysis efficiency and analysis comprehensiveness. Specifically, in the foregoing process of analyzing any taint function, it is further detected whether any taint function has a repeated calling phenomenon to the same called function, for example, if there is a first called function repeatedly called by any taint function at the same calling point (detecting a repeatedly executed function call instruction), it is continuously detected whether at least one input parameter corresponding to the first called function contains a taint symbol, and if the taint symbol is contained, it indicates that the repeatedly called first called function is a function for directly or indirectly processing the secret information (i.e., the first called function necessarily belongs to the foregoing taint function set obtained through dynamic taint analysis, but the functions in the taint function set are not necessarily the first called function), and there is a possibility that a side channel is taint to leak secret information.

After determining one or more first called functions which are repeatedly called by any one taint function and corresponding to which at least one input parameter comprises taint symbols by performing symbolic execution on any one taint function, continuing to perform symbolic execution on each determined first called function, specifically, performing symbolic execution on the first called functions, and including: expressing the taint parameter containing the taint data in the first called function by using a taint symbol according to the result of the dynamic taint analysis and/or the symbolic execution result aiming at any taint function, and expressing the non-taint parameter not containing the taint data in the first called function by using the non-taint symbol; the first called function is executed using the dirty symbol and the non-dirty symbol. The process is similar to performing symbolic execution on any of the taint functions, and is not described in detail here.

By executing symbolic execution on the first called function, it can be determined whether the first called function includes a dirty symbol in a write parameter corresponding to at least one memory write instruction, and specifically, it is detected whether there is a dirty symbol in a write parameter corresponding to a first memory write instruction, which is used to indicate an input parameter in the first called function as a dirty parameter. Under the condition that it is determined that the write parameter corresponding to the first memory write instruction included in the first called function includes a dirty symbol, it may be considered that if any dirty function is actually executed, multiple times of repeated calls may be performed on the first called function, so that dirty data related to the secret information is written into the memory by repeatedly executing the first memory write instruction, and this may also result in the aforementioned dependency conditions (1), (2), and (3) being satisfied, except that the pair of memory write instructions determined here should be regarded as a superposition of the first memory write instruction itself in different call cycles, that is, "two" first memory write instructions under two times of consecutive calls of the first called function by the any dirty function constitute the pair of memory write instructions. Since the write parameters corresponding to the two first memory write instructions that are called consecutively are variables related to the input parameters corresponding to the first called function, a phenomenon that "write values may be equal or unequal" may also appear under different initial conditions of the operation of the software to be processed, so that a side channel hole may still be caused in this case. Therefore, when it is determined that the write parameter corresponding to the first memory write instruction included in the first called function includes a dirty symbol, the first memory write instruction or the first called function itself may be determined as a side channel bug existing in the software to be processed.

The dimension of inter-function analysis is considered in the embodiment of the specification, particularly, modes of circularly calling other functions are considered, and the embodiment of the specification optimizes the standard inter-function analysis execution, so that reasonable balance is obtained on analysis efficiency and analysis comprehensiveness, and side channel bugs in the software to be processed can be detected more comprehensively.

FIG. 2 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 2, at the hardware level, the apparatus includes a processor 202, an internal bus 204, a network interface 206, a memory 208, and a non-volatile memory 210, but may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, such as by processor 202 reading corresponding computer programs from non-volatile storage 210 into memory 208 and then running. Of course, besides the software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combination of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.

Fig. 3 is a block diagram of an apparatus for detecting a side channel vulnerability, which may be applied to the device shown in fig. 2 to implement the technical solution of the present specification, according to an exemplary embodiment of the present specification. The device includes:

the dynamic taint analysis unit 301 is configured to perform dynamic taint analysis on software to be processed to obtain a taint function in the software to be processed, where the taint function is used to process taint data associated with secret information in the software to be processed.

A symbolic execution unit 302, configured to perform symbolic execution on any taint function, and detect whether two write parameters corresponding to a pair of memory write instructions respectively satisfy constraint conditions when it is determined that the taint function includes a pair of memory write instructions for the same memory address and a write parameter corresponding to at least one memory write instruction in the pair of memory write instructions includes a taint symbol related to the taint data, where the constraint conditions include: the two write parameters are equal under the first symbol value condition and unequal under the second symbol value condition.

A vulnerability determining unit 303, configured to determine the pair of memory write instructions as a side channel vulnerability existing in the to-be-processed software when the two write parameters satisfy the constraint condition.

Optionally, the dynamic taint analysis unit 301 is specifically configured to:

Optionally, the symbol execution unit 302 is specifically configured to:

Optionally, the symbol performing unit 302 is further configured to:

and under the condition that the first write-in parameter comprises a taint symbol, updating the first write-in parameter to the memory write-in table as a latest write-in parameter corresponding to the first memory address.

Optionally, the method further includes:

a latest write parameter searching unit 304, configured to search the memory write table to obtain a latest write parameter corresponding to the first memory address;

an instruction determining unit 305, configured to determine that any taint function includes a pair of memory write instructions for the same memory address, and a write parameter corresponding to at least one memory write instruction in the pair of memory write instructions includes a taint symbol, where the latest write parameter corresponding to the first write parameter and/or the first memory address includes a taint symbol.

Optionally, any symbol value condition includes an initial value of a symbol used for representing at least part of parameters in any taint function.

Optionally, there is no other memory write instruction for the same memory address between the pair of memory write instructions in any taint function.

Optionally, the method further includes:

a symbol dereferencing condition output unit 306, configured to output the first symbol dereferencing condition and the second symbol dereferencing condition when the two write parameters satisfy the constraint condition.

Optionally, the method further includes:

a called function symbol execution unit 307, configured to perform symbol execution on a first called function repeatedly called by any one of the taint functions when at least one input parameter corresponding to the first called function contains a taint symbol;

the second vulnerability determining unit 308 is configured to determine, when it is determined that the write parameter corresponding to the first memory write instruction included in the first called function includes a dirty symbol, the first memory write instruction as a side channel vulnerability existing in the software to be processed.

Optionally, the side channel bug existing in the to-be-processed software is a side channel bug generated when the to-be-processed software runs in a trusted execution environment.

The above device embodiment corresponds to the above method embodiment, and there is no substantial difference, and the above description for the embodiment shown in fig. 1 is applicable to the embodiment shown in fig. 3, and is not repeated here.

In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development, but the original code before compiling is also written in a specific Programming Language, which is called Hardware Description Language (HDL), and the HDL is not only one kind but many kinds, such as abll (Advanced boot Expression Language), AHDL (alternate hard Description Language), traffic, CUPL (computer universal Programming Language), HDCal (Java hard Description Language), lava, lola, HDL, PALASM, software, rhydl (Hardware Description Language), and vhul-Language (vhyg-Language), which is currently used in the field. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be conceived to be both a software module implementing the method and a structure within a hardware component.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a server system. Of course, the present invention does not exclude that with future developments in computer technology, the computer implementing the functionality of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle mounted human interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.

Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of sequences, and does not represent a unique order of performance. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For example, if the terms first, second, etc. are used to denote names, they do not denote any particular order.

For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

One or more embodiments of the specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims

1. A method of detecting side channel vulnerabilities, comprising:

performing symbolic execution on any taint function, and detecting whether two write-in parameters respectively corresponding to a pair of memory write instructions meet constraint conditions or not under the condition that the taint function is determined to comprise a pair of memory write instructions aiming at the same memory address and the write-in parameter corresponding to at least one memory write instruction in the pair of memory write instructions comprises a taint symbol related to taint data, wherein the constraint conditions comprise: the two write parameters are equal under the condition of a first symbol value and are not equal under the condition of a second symbol value; other memory write instructions aiming at the same memory address do not exist between the pair of memory write instructions;

when executing a symbol for any taint function, the instruction included in any taint function needs to be executed, wherein a first write parameter corresponding to any memory write instruction is used as a latest write parameter corresponding to a first memory address for any memory write instruction and is updated to a memory write table; before updating the first write parameter to the memory write table, the method further includes:

searching in the memory write-in table to obtain a latest write-in parameter corresponding to the first memory address;

under the condition that the first write-in parameter and/or the latest write-in parameter corresponding to the first memory address contain a dirty symbol, determining that any dirty function contains a pair of memory write instructions aiming at the same memory address, and the write-in parameter corresponding to at least one memory write instruction in the pair of memory write instructions contains the dirty symbol;

and under the condition that the two write-in parameters meet the constraint condition, determining the pair of memory write-in instructions as side channel bugs existing in the software to be processed, wherein the side channel bugs existing in the software to be processed are side channel bugs generated when the software to be processed runs in a trusted execution environment.

2. The method of claim 1, the performing dynamic taint analysis on the software to be processed, comprising:

3. The method of claim 1, the performing symbolic execution on any taint function, comprising:

4. The method of claim 3, the performing the any taint function using taint symbols and non-taint symbols, comprising:

5. The method of claim 3, the performing the any taint function using taint symbols and non-taint symbols, comprising:

6. The method of claim 5, wherein the updating the first write parameter corresponding to the any memory write instruction to the memory write table as the latest write parameter corresponding to the first memory address targeted by the any memory write instruction comprises:

7. The method of claim 1, wherein any sign-valued condition comprises an initial value of a sign used to represent at least a portion of parameters in any taint function.

8. The method of claim 1, further comprising:

and under the condition that the two writing parameters meet the constraint condition, outputting a first symbol dereferencing condition and a second symbol dereferencing condition.

9. The method of claim 1, further comprising:

10. An apparatus to detect side channel vulnerabilities, comprising:

a symbolic execution unit, configured to perform symbolic execution on any taint function, and detect whether two write parameters corresponding to each of a pair of memory write instructions satisfy a constraint condition when it is determined that the taint function includes a pair of memory write instructions for a same memory address and a write parameter corresponding to at least one of the pair of memory write instructions includes a taint symbol related to taint data, where the constraint condition includes: the two write parameters are equal under the condition of a first symbol value and are not equal under the condition of a second symbol value; other memory write instructions aiming at the same memory address do not exist between the pair of memory write instructions;

when executing a symbol for any taint function, the instructions included in any taint function need to be executed, wherein a first write parameter corresponding to any memory write instruction is used as a latest write parameter corresponding to a first memory address for any memory write instruction to update a memory write table; the device further comprises:

the latest writing parameter searching unit is used for searching the memory writing table to obtain the latest writing parameter corresponding to the first memory address before the first writing parameter is updated to the memory writing table;

the instruction determining unit is configured to determine that any taint function includes a pair of memory write instructions for the same memory address and a write parameter corresponding to at least one memory write instruction in the pair of memory write instructions includes a taint symbol, when the first write parameter and/or the latest write parameter corresponding to the first memory address includes a taint symbol;

and the vulnerability determining unit is used for determining the pair of memory writing instructions as side channel vulnerabilities existing in the software to be processed under the condition that the two writing parameters meet the constraint condition, wherein the side channel vulnerabilities existing in the software to be processed are side channel vulnerabilities generated when the software to be processed runs in a trusted execution environment.

11. An electronic device, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor implements the method of any one of claims 1-9 by executing the executable instructions.

12. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 9.