Catalogo dei prodotti della ricerca
IRIS è la soluzione IT che facilita la raccolta e la gestione dei dati relativi alle attività e ai prodotti della ricerca. Fornisce a ricercatori, amministratori e valutatori gli strumenti per monitorare i risultati della ricerca, aumentarne la visibilità e allocare in modo efficace le risorse disponibili.
EnglishIn the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks, but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side channel-resistant code. Prior efforts to automatically transform programs into constant-time equivalents offer limited security or compatibility guarantees, hindering their applicability to real-world software. In this paper, we present Constantine, a compiler-based system to automatically harden programs against microarchitectural side channels. Constantine pursues a radical design point where secret-dependent control and data flows are completely linearized (i.e., all involved code/data accesses are always executed). This strategy provides strong security and compatibility guarantees by construction, but its natural implementation leads to state explosion in real-world programs. To address this challenge, Constantine relies on carefully designed optimizations such as just-in-time loop linearization and aggressive function cloning for fully context-sensitive points-to analysis, which not only address state explosion, but also lead to an efficient and compatible solution. Constantine yields overheads as low as 16% on standard benchmarks and can handle a fully-fledged component from the production wolfSSL library.
Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization / Borrello, P.; D'Elia, D. C.; Querzoni, L.; Giuffrida, C.. - (2021), pp. 715-733. ((Intervento presentato al convegno 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 tenutosi a Virtual Event [10.1145/3460120.3484583].
| Titolo: | Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization | |
| Autori: | ||
| Data di pubblicazione: | 2021 | |
| Serie: | ||
| Citazione: | Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization / Borrello, P.; D'Elia, D. C.; Querzoni, L.; Giuffrida, C.. - (2021), pp. 715-733. ((Intervento presentato al convegno 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 tenutosi a Virtual Event [10.1145/3460120.3484583]. | |
| Handle: | http://hdl.handle.net/11573/1603661 | |
| ISBN: | 9781450384544 | |
| Appartiene alla tipologia: | 04b Atto di convegno in volume |
File allegati a questo prodotto
| File | Note | Tipologia | Licenza | |
|---|---|---|---|---|
| Borrello_postprint_COSTANTINE_2021.pdf | https://doi.org/10.1145/3460120.3484583 | Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione) | Tutti i diritti riservati (All rights reserved) | Open Access Visualizza/Apri |
| Borrello_COSTANTINE_2021.pdf | Versione editoriale (versione pubblicata con il layout dell'editore) | Tutti i diritti riservati (All rights reserved) | Administrator Richiedi una copia |
Copyright © 2022