Securing Optimized Code Against Power Side Channels

Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA, taking advantage of the algorithm implementation in hardware or software to extract secret information via timing and/or power side-channels. Software masking is a software mitigation approach against power side-channel attacks, aiming at hiding the secret-revealing dependencies from the power footprint of a vulnerable implementation. However, this type of software mitigation often depends on general-purpose compilers, which do not preserve non-functional properties. Moreover, microarchitectural features, such as the memory bus and register reuse, may also reveal secret information. These abstractions are not visible at the high-level implementation of the program. Instead, they are decided at compile time. To remedy these problems, security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation transformations. This paper proposes SecConCG, a constraint-based compiler approach that generates optimized yet secure code. SecConCG controls the quality of the mitigated program by efficiently searching the best possible low-level implementation according to a processor cost model. In our experiments with ten masked implementations on MIPS32 and ARM Cortex M0, SecConCG speeds up the generated code from 10 secure code at a small overhead of up to 7 code. For security and compiler researchers, this paper proposes a formal model to generate secure low-level code. For software engineers, SecConCG provides a practical approach to optimize code that preserves security properties.

READ FULL TEXT
research
04/26/2023

Thwarting Code-Reuse and Side-Channel Attacks in Embedded Systems

Embedded devices are increasingly present in our everyday life. They oft...
research
01/15/2021

Secure Optimization Through Opaque Observations

Secure applications implement software protections against side-channel ...
research
07/17/2020

Constraint-Based Software Diversification for Efficient Mitigation of Code-Reuse Attacks

Modern software deployment process produces software that is uniform, an...
research
02/25/2019

Mitigating Power Side Channels during Compilation

The code generation modules inside modern compilers such as GCC and LLVM...
research
12/17/2020

Efficient Verification of Optimized Code: Correct High-speed Curve25519

Code that is highly optimized poses a problem for program-level verifica...
research
11/18/2021

Constraint-based Diversification of JOP Gadgets

Modern software deployment process produces software that is uniform and...
research
02/25/2021

Swivel: Hardening WebAssembly against Spectre

We describe Swivel, a new compiler framework for hardening WebAssembly (...

Please sign up or login with your details

Forgot password? Click here to reset