|title:||Cycle-Accurate Timing Channel Analysis of Binary Code|
Software execution time may leak information about secrets processed by that software through vulnerabilities known as timing channels. Previous automated analysis techniques rely on a highly abstract model of instruction execution time, which limits the accuracy of these tools. We constructed a detailed model of instruction execution time for the ARM Cortex-A7; and present SMArTCAT, a tool which relies on this timing model to identify timing channels in binary code. SMArTCAT is the first automated tool which can identify timing channels caused by instructions with parameter-dependent execution time, as well as traditional timing channels. This allows to more accurately test critical pieces of software for the presence of timing channels, which we demonstrate in several case studies.