Currently, when a security analyst discovers a vulnerability in critical software system, they must navigate a fraught dilemma: immediately disclosing the vulnerability to the public could harm the system's users; whereas disclosing the vulnerability only to the software's vendor lets the vendor disregard or deprioritize the security risk, to the detriment of unwittingly-affected users. A compelling recent line of work aims to resolve this by using Zero Knowledge (ZK) protocols that let analysts prove that they know a vulnerability in a program, without revealing the details of the vulnerability or the inputs that exploit it. In principle, this could be achieved by generic ZK techniques. In practice, ZK vulnerability proofs to date have been restricted in scope and expressibility, due to challenges related to generating proof statements that model real-world software at scale and to directly formulating violated properties. This paper presents CHEESECLOTH, a novel proofstatement compiler, which proves practical vulnerabilities in ZK by soundly-but-aggressively preprocessing programs on public inputs, selectively revealing information about executed control segments, and formalizing information leakage using a novel storage-labeling scheme. CHEESECLOTH's practicality is demonstrated by generating ZK proofs of well-known vulnerabilities in (previous versions of) critical software, including the Heartbleed information leakage in OpenSSL and a memory vulnerability in the FFmpeg graphics framework.
翻译:目前,当安全分析师发现关键软件系统存在脆弱性时,他们必须克服一个十分困难的难题:立即披露公众的脆弱性可能会损害该系统的用户;而披露仅对软件供应商的脆弱度只能使供应商忽视安全风险或降低安全风险的优先度,从而损害不知情的用户。最近一项令人信服的工作方针旨在通过使用零知识协议(ZK)解决这个问题,让分析师能够证明他们在程序上知道脆弱性,而没有披露脆弱性的细节或利用它的投入。原则上,这可以通过通用ZK技术来实现。在实践中,ZK脆弱性证明在范围和可表达性上受到限制,因为与生成模拟真实世界软件的规模和直接生成被破坏的属性的证明声明有关的挑战。 本文介绍了一个新颖的证明声明汇编者CHESECLOTH, 通过对公众投入的正确但偏差的预处理程序,有选择地披露关于已执行的控制部分的信息,以及使用新颖的存储-标签框架将信息渗漏正式化为范围与明确性,包括在真实的存储-存储-记录中,通过清晰的模板生成了关键易变易懂的版本,从而展示了精化的易读信息。