| Summary: | 碩士 === 國立政治大學 === 資訊管理學系 === 106 === With rapidly growing cheaper and faster devices and connections, the Internet
of Things (IoT) techniques gradually become ubiquitous and soon to be a part of
our lives. In order to prevent IoT applications from being abused, it is often to see
authentication functionality in programs. However, if these programs leak secrets
during execution, it may damage the authentication mechanism and thus opens a
backdoor for people with malicious intentions. Side channel attack that observes
execution differences is a way to get the secret behind programs.
This paper presents an instruction-level technique to estimate information leakage
of IoT applications. To facilitate analysis on IoT applications, we first parse
python opcodes to construct the control flow graph (CFG), and symbolically execute
this code by traversing the CFG with depth first strategy to generate path
constraints and their instruction sets as observables. Finally we make use of the
Automata Based model Counter (ABC) to perform model counting for each observable
of path execution. Calculating shannon entropy with the probabilities of path
executions enables us to evaluate information leakage of target programs.
|
|---|
