Security Implications Of Compiler Optimizations On Cryptography -- A Review

When implementing secure software, developers must ensure certain requirements, such as the erasure of secret data after its use and execution in real time. Such requirements are not explicitly captured by the C language and could potentially be violated by compiler optimizations. As a result, developers typically use indirect methods to hide their code's semantics from the compiler and avoid unwanted optimizations. However, such workarounds are not permanent solutions, as increasingly efficient compiler optimization causes code that was considered secure in the past now vulnerable. This paper is a literature review of (1) the security complications caused by compiler optimizations, (2) approaches used by developers to mitigate optimization problems, and (3) recent academic efforts towards enabling security engineers to communicate implicit security requirements to the compiler. In addition, we present a short study of six cryptographic libraries and how they approach the issue of ensuring security requirements. With this paper, we highlight the need for software developers and compiler designers to work together in order to design efficient systems for writing secure software.


Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets

Despite extensive testing and correctness certification of their functio...

Is Rust Used Safely by Software Developers?

Rust, an emerging programming language with explosive growth, provides a...

Lost in translation: Exposing hidden compiler optimization opportunities

To increase productivity, today's compilers offer a two-fold abstraction...

Building Critical Applications using Microservices

Microservices - combined with secure containers - facilitate new ways to...

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

In the era of microarchitectural side channels, vendors scramble to depl...

A Survey on Compiler Autotuning using Machine Learning

Since the mid-1990s, researchers have been trying to use machine-learnin...

Secure Composition of Robust and Optimising Compilers

To ensure that secure applications do not leak their secrets, they are r...

Please sign up or login with your details

Forgot password? Click here to reset