Carter Yagemann

Assistant Professor of Computer Science and Engineering at The Ohio State University, specializing in systems and software security, including vulnerability discovery, exploit prevention, fault injection, cyber-physical systems, and financial market security.

TraceHunter to Appear in ESORICS 2026


My coauthors and I will be presenting the paper "TraceHunter: Efficient Language Agnostic Verification of Constant-Time Cryptographic Implementations via Processor Tracing" at the 31st European Symposium on Research in Computer Security (ESORICS) in September. Below is a preview of the abstract:

Timing side-channel attacks pose a persistent threat to cryptographic implementations by exploiting secret-dependent variations in execution time. Modern cryptographic code is increasingly written in memory-safe languages such as Go and Rust, yet existing defenses were designed primarily with C and C++ in mind and do not transfer cleanly to these newer ecosystems. Static approaches analyze source code or intermediate representations (IR), such as LLVM IR, to verify constant-time properties, but this restricts them to languages with mature IR support and leaves Go and Rust largely unaddressed. Dynamic approaches sidestep the IR requirement by testing program behavior at runtime, yet their statistical inference degrades under runtime noise from garbage collection (GC), concurrency, and other nondeterministic system behaviors—noise that is especially pronounced in Go and Rust runtimes.

We present TraceHunter, a language-agnostic system that verifies constant-time properties of cryptographic implementations using Intel Processor Trace (PT) and deep learning. By analyzing fine-grained hardware execution traces collected directly from binaries, TraceHunter removes any dependence on source code, compiler toolchains, or language-specific IRs, allowing the same analysis pipeline to be applied uniformly across C, C++, Go, and Rust. Through deep learning, TraceHunter separates true secret-dependent behaviors from runtime noise, enabling reliable verification even in managed and concurrent execution environments. We evaluate TraceHunter on cryptographic libraries spanning three languages—OpenSSL, BearSSL, and MbedTLS in C; rsa and aes from Rust Crypto; and crypto in Go—showing that TraceHunter efficiently identifies subtle constant-time violations across all of them, offering a practical and scalable framework for language-agnostic timing side-channel analysis.