Towards Constant-Time Foundations for the New Spectre Era

10/03/2019
by Sunjay Cauligi, et al.

The constant-time discipline is a software-based countermeasure used for protecting high assurance cryptographic implementations against timing side-channel attacks. Constant-time is effective (it protects against many known attacks), rigorous (it can be formalized using program semantics), and amenable to automated verification. Yet, the advent of micro-architectural attacks makes constant-time as it exists today far less useful. This paper lays foundations for constant-time programming in the presence of speculative and out-of-order execution. Our first contribution is an operational semantics, and a formal definition of constant-time programs in this extended setting. Our semantics eschews formalization of micro-architectural features (that are instead assumed under adversary control), and yields a notion of constant-time that retains the elegance and tractability of the usual notion. We demonstrate the relevance of our semantics by contrasting existing Spectre-like attacks with our definition of constant-time and by exhibiting a new (theoretical) class of Spectre attacks based on alias prediction. Our second contribution is a static analysis tool, Pitchfork, which detects violations of our extended constant-time property (for a subset of the semantics presented in this paper).
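To make the gap the abstract describes concrete, the following added example (written for this page, not code from the paper or from Pitchfork) shows a lookup routine that satisfies the classic, sequential constant-time discipline yet is the textbook Spectre v1 (bounds-check bypass) gadget under speculation, beside two standard mitigations: index masking in the style of the Linux kernel's array_index_nospec(), and an lfence speculation barrier. The table contents, the array and function names, and the probe layout are all constructed for illustration; the mitigations are well-known Spectre v1 countermeasures and are not claimed to be what the paper's semantics or tool prescribe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PUB_LEN    16
#define CACHE_LINE 64

/* Constructed public lookup table (sample data, not from the paper). Whatever
 * the linker places after it in memory (in a real binary, possibly key
 * material) is what a transient out-of-bounds read would fetch. */
static const uint8_t pub_table[PUB_LEN] = {
    0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87,
    0x98, 0xa9, 0xba, 0xcb, 0xdc, 0xed, 0xfe, 0x0f
};

/* One cache line per possible byte value: the classic Flush+Reload probe
 * array. Which line gets touched encodes the byte that selected it. */
static uint8_t probe[256 * CACHE_LINE];

/* Volatile sink so the compiler cannot drop the probe load. */
static volatile uint8_t sink;

/* Sequential constant-time view: i and PUB_LEN are public, so the branch,
 * the index into pub_table and the index into probe are all public.
 * Speculatively, the predictor may take the branch for an out-of-range i:
 * pub_table[i] then reads past the table, and probe[...] is loaded at an
 * address chosen by that byte, leaving a cache footprint that survives the
 * squash. This is the Spectre v1 gadget; no classic constant-time checker
 * flags it. */
uint8_t gadget_unsafe(size_t i) {
    if (i < PUB_LEN) {
        uint8_t v = pub_table[i];
        sink = probe[(size_t)v * CACHE_LINE];   /* secret-dependent under speculation */
        return v;
    }
    return 0;
}

/* Bounds mask: all-ones when i < len, zero otherwise, with no branch in the
 * source. Plain C version of the kernel's array_index_mask_nospec(); the
 * kernel uses inline asm (cmp/sbb on x86) because the compiler is free to
 * lower this comparison back into a conditional branch, so the emitted
 * assembly must be checked before relying on it. */
size_t index_mask(size_t i, size_t len) {
    return (size_t)0 - (size_t)(i < len);
}

/* Mitigation 1: clamp the index with the mask. Even on a mispredicted path
 * the load reads pub_table[0] at worst, never beyond the array, and the
 * value is masked too, so the transient probe load depends on nothing
 * secret. Architecturally it returns exactly what gadget_unsafe returns. */
uint8_t gadget_masked(size_t i) {
    size_t m = index_mask(i, PUB_LEN);
    uint8_t v = pub_table[i & m];
    v &= (uint8_t)m;
    sink = probe[(size_t)v * CACHE_LINE];
    return v;
}

/* Mitigation 2: a speculation barrier after the check. On Intel, lfence does
 * not execute until all prior instructions have completed and no later
 * instruction starts until it does, so the loads cannot run ahead of the
 * branch resolving (AMD needs lfence configured as dispatch-serializing).
 * On other ISAs this fallback is a no-op, i.e. NOT a mitigation. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#endif
}

uint8_t gadget_fenced(size_t i) {
    if (i < PUB_LEN) {
        speculation_barrier();
        uint8_t v = pub_table[i];
        sink = probe[(size_t)v * CACHE_LINE];
        return v;
    }
    return 0;
}

int main(void) {
    size_t idx[] = { 0, 3, PUB_LEN - 1, PUB_LEN, 1000 };
    for (size_t k = 0; k < sizeof idx / sizeof idx[0]; k++) {
        printf("i=%zu unsafe=0x%02x masked=0x%02x fenced=0x%02x mask=%zx\n",
               idx[k], gadget_unsafe(idx[k]), gadget_masked(idx[k]),
               gadget_fenced(idx[k]), index_mask(idx[k], PUB_LEN));
    }
    return 0;
}
```

All three functions agree on every input when observed architecturally, which is exactly why a sequential constant-time definition cannot tell them apart; the difference is only in which addresses may be touched transiently.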
