Research article
DOI: 10.1145/3460120.3484583

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

Published: 13 November 2021

Abstract

In the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks, but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side channel-resistant code. Prior efforts to automatically transform programs into constant-time equivalents offer limited security or compatibility guarantees, hindering their applicability to real-world software.
In this paper, we present Constantine, a compiler-based system to automatically harden programs against microarchitectural side channels. Constantine pursues a radical design point where secret-dependent control and data flows are completely linearized (i.e., all involved code/data accesses are always executed). This strategy provides strong security and compatibility guarantees by construction, but its natural implementation leads to state explosion in real-world programs. To address this challenge, Constantine relies on carefully designed optimizations such as just-in-time loop linearization and aggressive function cloning for fully context-sensitive points-to analysis, which not only address state explosion, but also lead to an efficient and compatible solution. Constantine yields overheads as low as 16% on standard benchmarks and can handle a fully-fledged component from the production wolfSSL library.
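
To make the abstract's notion of linearization concrete, the following C sketch is an added illustration (it is not code from the paper and not Constantine's output). It puts a secret-dependent branch and table lookup next to a hand-linearized form in which both arms and every table entry are always touched; the table, the `observe` trace recorder and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define N 8            /* table size, a power of two (constructed) */
#define TRACE_MAX 64

/* Constructed lookup table standing in for e.g. an S-box. */
static const uint32_t table[N] = {3, 1, 4, 1, 5, 9, 2, 6};

/* Toy observer: records which branch arm ran and which table index each
 * load touched, i.e. what a branch or cache side channel could reveal. */
static uint8_t trace[TRACE_MAX];
static size_t trace_len;

static void trace_reset(void) { trace_len = 0; memset(trace, 0, sizeof trace); }
static void observe(uint8_t ev) { if (trace_len < TRACE_MAX) trace[trace_len++] = ev; }
static uint32_t load(size_t i) { observe((uint8_t)i); return table[i]; }

/* All-ones if c != 0, else 0, computed without branching on c. */
static uint32_t mask_nz(uint32_t c) { return 0u - ((c | (0u - c)) >> 31); }
/* Returns a where mask m is all-ones, b where it is zero. */
static uint32_t ct_select(uint32_t m, uint32_t a, uint32_t b) { return (a & m) | (b & ~m); }

/* Before: the arm taken and the address loaded both depend on the secret. */
uint32_t leaky(uint32_t secret, uint32_t x) {
    if (secret & 1) { observe(0xA1); x = x * 3 + 1; }
    else            { observe(0xA0); x ^= 0x5a5a5a5au; }
    return x + load(secret & (N - 1));
}

/* After: control flow linearized (both arms run, result selected by mask)
 * and data flow linearized (every entry is loaded, one is kept). */
uint32_t linearized(uint32_t secret, uint32_t x) {
    uint32_t taken = mask_nz(secret & 1);
    observe(0xA1); uint32_t then_v = x * 3 + 1;
    observe(0xA0); uint32_t else_v = x ^ 0x5a5a5a5au;
    x = ct_select(taken, then_v, else_v);

    uint32_t idx = secret & (N - 1), v = 0;
    for (size_t i = 0; i < N; i++) {
        uint32_t hit = ~mask_nz((uint32_t)i ^ idx);   /* all-ones iff i == idx */
        v = ct_select(hit, load(i), v);
    }
    return x + v;
}

/* Returns 1 if f's observable trace differs between secrets s1 and s2. */
int trace_depends_on_secret(uint32_t (*f)(uint32_t, uint32_t),
                            uint32_t s1, uint32_t s2) {
    uint8_t first[TRACE_MAX];
    size_t first_len;
    trace_reset(); (void)f(s1, 7);
    first_len = trace_len; memcpy(first, trace, sizeof first);
    trace_reset(); (void)f(s2, 7);
    return first_len != trace_len || memcmp(first, trace, sizeof first) != 0;
}

int main(void) {
    printf("same result: %d\n", leaky(5, 7) == linearized(5, 7));
    printf("leaky trace depends on secret:      %d\n",
           trace_depends_on_secret(leaky, 2, 5));
    printf("linearized trace depends on secret: %d\n",
           trace_depends_on_secret(linearized, 2, 5));
    return 0;
}
```

Source-level masking like this is exactly the hand-written constant-time style the abstract calls hard to get right: an optimizing compiler is free to turn the select back into a branch, and the full table sweep shows where the cost of naive linearization comes from.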

Published In

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
November 2021
3558 pages
ISBN: 9781450384544
DOI: 10.1145/3460120

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. compilers
  2. constant-time programming
  3. control-flow linearization
  4. data-flow linearization
  5. side channels

Qualifiers

  • Research-article

Conference

CCS '21
CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security
November 15 - 19, 2021
Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (Last 12 months): 172
  • Downloads (Last 6 weeks): 16

Reflects downloads up to 12 Sep 2024

Cited By

  • (2024) Towards Efficient Verification of Constant-Time Cryptographic Implementations. Proceedings of the ACM on Software Engineering 1:FSE (1019-1042). DOI: 10.1145/3643772. Online publication date: 12-Jul-2024
  • (2024) Obelix: Mitigating Side-Channels Through Dynamic Obfuscation. 2024 IEEE Symposium on Security and Privacy (SP) (4182-4199). DOI: 10.1109/SP54263.2024.00261. Online publication date: 19-May-2024
  • (2024) Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs. 2024 IEEE Symposium on Security and Privacy (SP) (3697-3715). DOI: 10.1109/SP54263.2024.00047. Online publication date: 19-May-2024
  • (2024) ReminISCence: Trusted Monitoring Against Privileged Preemption Side-Channel Attacks. Computer Security – ESORICS 2024 (24-44). DOI: 10.1007/978-3-031-70903-6_2. Online publication date: 5-Sep-2024
  • (2024) ZeroLeak: Automated Side-Channel Patching in Source Code Using LLMs. Computer Security – ESORICS 2024 (290-310). DOI: 10.1007/978-3-031-70879-4_15. Online publication date: 5-Sep-2024
  • (2023) Quantifying and Mitigating Cache Side Channel Leakage with Differential Set. Proceedings of the ACM on Programming Languages 7:OOPSLA2 (1470-1498). DOI: 10.1145/3622850. Online publication date: 16-Oct-2023
  • (2023) Side-channel Elimination via Partial Control-flow Linearization. ACM Transactions on Programming Languages and Systems 45:2 (1-43). DOI: 10.1145/3594736. Online publication date: 26-Jun-2023
  • (2023) A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (1690-1704). DOI: 10.1145/3576915.3623112. Online publication date: 15-Nov-2023
  • (2023) Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-Erasure. ACM Transactions on Privacy and Security 26:2 (1-42). DOI: 10.1145/3563037. Online publication date: 14-Apr-2023
  • (2023) CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. 2023 IEEE Security and Privacy Workshops (SPW) (285-297). DOI: 10.1109/SPW59333.2023.00031. Online publication date: May-2023
