Constantine: automatic side-channel resistance using efficient control and data flow linearization

Authors: Borrello P. (first author); D'Elia D. C. (second author); Querzoni L.; Giuffrida C.
Year: 2021

Abstract

In the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks, but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side-channel-resistant code. Prior efforts to automatically transform programs into constant-time equivalents offer limited security or compatibility guarantees, hindering their applicability to real-world software. In this paper, we present Constantine, a compiler-based system to automatically harden programs against microarchitectural side channels. Constantine pursues a radical design point where secret-dependent control and data flows are completely linearized (i.e., all involved code/data accesses are always executed). This strategy provides strong security and compatibility guarantees by construction, but its natural implementation leads to state explosion in real-world programs. To address this challenge, Constantine relies on carefully designed optimizations such as just-in-time loop linearization and aggressive function cloning for fully context-sensitive points-to analysis, which not only address state explosion, but also lead to an efficient and compatible solution. Constantine yields overheads as low as 16% on standard benchmarks and can handle a fully-fledged component from the production wolfSSL library.
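The three kinds of linearization the abstract names (secret-dependent branches, secret-bounded loops, secret-indexed data accesses), shown as an added C illustration that is not Constantine's code or its compiler output: each leaky form sits beside a hand-linearized version built from branch-free masks, so that every arm, iteration and table entry is always executed or touched. The helper names (ct_mask_nonzero, ct_mask_lt, ct_select), the public loop bound MAX_N and the sample table are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Branch-free building blocks. This is an added illustration of the idea,
 * not Constantine's runtime or its compiler output. Masks are 0xFFFFFFFF
 * ("true") or 0 ("false"). */

/* 1 if c != 0 else 0: c | -c has its top bit set exactly when c != 0. */
static uint32_t ct_is_nonzero(uint32_t c) { return (c | (0u - c)) >> 31; }

static uint32_t ct_mask_nonzero(uint32_t c) { return 0u - ct_is_nonzero(c); }

/* All-ones if a < b (unsigned), else 0. The sign bit of
 * (~a & b) | (~(a ^ b) & (a - b)) is the borrow of a - b. */
static uint32_t ct_mask_lt(uint32_t a, uint32_t b) {
    return 0u - (((~a & b) | (~(a ^ b) & (a - b))) >> 31);
}

/* mask ? x : y without a branch. */
static uint32_t ct_select(uint32_t mask, uint32_t x, uint32_t y) {
    return (x & mask) | (y & ~mask);
}

/* Control flow: the branch direction depends on a secret bit, so the
 * branch predictor and instruction cache observe the secret. */
uint32_t leaky_step(uint32_t secret_bit, uint32_t acc, uint32_t x) {
    if (secret_bit)
        return acc * x + 1;
    return acc;
}

/* Linearized: both arms always execute and a mask selects the result. */
uint32_t linear_step(uint32_t secret_bit, uint32_t acc, uint32_t x) {
    uint32_t taken = acc * x + 1;
    uint32_t not_taken = acc;
    return ct_select(ct_mask_nonzero(secret_bit), taken, not_taken);
}

/* Loop: the trip count is the secret, so the running time reveals it. */
uint32_t leaky_loop(uint32_t secret_n, uint32_t acc) {
    for (uint32_t i = 0; i < secret_n; i++)
        acc = acc * 3 + 1;
    return acc;
}

/* Linearized: always run to a public upper bound (assumed here to be
 * MAX_N >= secret_n); iterations past secret_n still execute the body
 * but a mask discards their effect. */
#define MAX_N 16u
uint32_t linear_loop(uint32_t secret_n, uint32_t acc) {
    for (uint32_t i = 0; i < MAX_N; i++) {
        uint32_t active = ct_mask_lt(i, secret_n);
        acc = ct_select(active, acc * 3 + 1, acc);
    }
    return acc;
}

/* Data flow: the loaded address depends on the secret index, which a
 * cache attack on the table's lines can recover. */
uint8_t leaky_lookup(const uint8_t *table, uint32_t n, uint32_t secret_idx) {
    (void)n;
    return table[secret_idx];
}

/* Linearized: touch every entry and keep only the matching one, so the
 * access pattern is independent of secret_idx. */
uint8_t linear_lookup(const uint8_t *table, uint32_t n, uint32_t secret_idx) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t hit = ~ct_mask_nonzero(i ^ secret_idx); /* all-ones iff i == secret_idx */
        out |= table[i] & (uint8_t)hit;
    }
    return out;
}

/* Constructed sample table (first eight AES S-box bytes), not from the paper. */
const uint8_t sample_table[8] = {0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5};

int main(void) {
    printf("step:   %u == %u\n", leaky_step(1, 2, 5), linear_step(1, 2, 5));
    printf("loop:   %u == %u\n", leaky_loop(5, 1), linear_loop(5, 1));
    printf("lookup: 0x%02x == 0x%02x\n", leaky_lookup(sample_table, 8, 4),
           linear_lookup(sample_table, 8, 4));
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, a source-level rewrite like this carries no guarantee that the optimizer preserves it: a compiler is free to lower ct_select back into a conditional jump, which is one reason a compiler-based approach such as Constantine applies the transformation inside the compiler rather than in source. Second, loop linearization only works when a public upper bound on the trip count exists; the abstract's just-in-time loop linearization is what keeps that bound from inflating the whole program into the worst case.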
Venue: ACM Conference on Computer and Communications Security (CCS), 2021, held as a virtual event
Keywords: compilers; constant-time programming; control-flow linearization; data-flow linearization; side channels
Type: 04 Conference proceedings publication::04b Conference paper in volume
Citation: Borrello, P.; D'Elia, D. C.; Querzoni, L.; Giuffrida, C. Constantine: automatic side-channel resistance using efficient control and data flow linearization. In: ACM Conference on Computer and Communications Security (2021), pp. 715-733. DOI: 10.1145/3460120.3484583
Files attached to this record

Borrello_postprint_COSTANTINE_2021.pdf (open access)
Note: https://doi.org/10.1145/3460120.3484583
Type: Post-print (version after peer review, accepted for publication)
License: All rights reserved
Size and format: 854.89 kB, Adobe PDF

Borrello_COSTANTINE_2021.pdf (archive managers only)
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size and format: 2.21 MB, Adobe PDF (contact the author for access)

Documents in IRIS are protected by copyright and all rights are reserved unless otherwise stated.

Use this identifier to cite or link to this record: https://hdl.handle.net/11573/1603661
Citations
  • PubMed Central: not available
  • Scopus: 21
  • Web of Science (ISI): 14