Abstract
In the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks, but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side channel-resistant code. Prior efforts to automatically transform programs into constant-time equivalents offer limited security or compatibility guarantees, hindering their applicability to real-world software. In this paper, we present Constantine, a compiler-based system to automatically harden programs against microarchitectural side channels. Constantine pursues a radical design point where secret-dependent control and data flows are completely linearized (i.e., all involved code/data accesses are always executed). This strategy provides strong security and compatibility guarantees by construction, but its natural implementation leads to state explosion in real-world programs. To address this challenge, Constantine relies on carefully designed optimizations such as just-in-time loop linearization and aggressive function cloning for fully context-sensitive points-to analysis, which not only address state explosion, but also lead to an efficient and compatible solution. Constantine yields overheads as low as 16% on standard benchmarks and can handle a fully-fledged component from the production wolfSSL library.
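As an added illustration of what the abstract calls control-flow and data-flow linearization (this is hand-written example code, not code from the paper or from the Constantine project, which does the transformation automatically inside the compiler), the C below places a secret-dependent branch and a secret-indexed table lookup next to their linearized forms. In the linearized versions every code path and every table entry is touched regardless of the secret, and a mask derived from the secret picks the wanted value arithmetically. The table contents and the secret values are constructed sample inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample table standing in for e.g. a cipher S-box. */
static const uint8_t kSampleTable[8] = {0x63, 0x7c, 0x77, 0x7b,
                                        0xf2, 0x6b, 0x6f, 0xc5};

/* "Before": the branch outcome depends on the secret, so branch predictor
   and instruction cache state reveal which path ran. Kept leaky on purpose. */
static uint32_t leaky_select(uint32_t secret_bit, uint32_t a, uint32_t b) {
    if (secret_bit)
        return a;
    return b;
}

/* Control-flow linearization: both operands are always available and a
   full-width mask (0x00000000 or 0xFFFFFFFF) selects one without a branch. */
static uint32_t ct_select(uint32_t secret_bit, uint32_t a, uint32_t b) {
    uint32_t mask = (uint32_t)0 - (secret_bit & 1u);
    return (a & mask) | (b & ~mask);
}

/* "Before": the address loaded depends on the secret index, so the data
   cache line that gets filled reveals it. Kept leaky on purpose. */
static uint8_t leaky_lookup(const uint8_t *table, size_t n, size_t secret_idx) {
    (void)n;
    return table[secret_idx];
}

/* Branch-free "i == secret_idx" returning 1 or 0. For x = i ^ secret_idx,
   (x | -x) has its top bit set exactly when x != 0. */
static size_t ct_eq(size_t i, size_t secret_idx) {
    size_t x = i ^ secret_idx;
    size_t top = (x | ((size_t)0 - x)) >> (sizeof(size_t) * 8 - 1);
    return (size_t)1 ^ top;
}

/* Data-flow linearization: every table element is loaded on every call, so
   the cache footprint is the same for all secret indices; the wanted entry
   is accumulated through a mask. */
static uint8_t ct_lookup(const uint8_t *table, size_t n, size_t secret_idx) {
    uint8_t result = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t mask = (uint8_t)((uint8_t)0 - (uint8_t)ct_eq(i, secret_idx));
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Sanity check used by the demo: the linearized versions must compute the
   same values as the leaky originals for every possible secret. Returns 1
   when they agree, 0 otherwise. */
static int linearized_matches_reference(void) {
    for (uint32_t bit = 0; bit < 2; bit++) {
        if (ct_select(bit, 0x1111u, 0x2222u) != leaky_select(bit, 0x1111u, 0x2222u))
            return 0;
    }
    size_t n = sizeof(kSampleTable) / sizeof(kSampleTable[0]);
    for (size_t idx = 0; idx < n; idx++) {
        if (ct_lookup(kSampleTable, n, idx) != leaky_lookup(kSampleTable, n, idx))
            return 0;
    }
    return 1;
}

int main(void) {
    printf("linearized versions agree with originals: %s\n",
           linearized_matches_reference() ? "yes" : "no");
    printf("ct_select(1, 7, 9) = %u, ct_lookup(idx 5) = 0x%02x\n",
           ct_select(1u, 7u, 9u), ct_lookup(kSampleTable, 8, 5));
    return 0;
}
```

The two linearized functions are the by-hand shape of what the paper automates; the cost is visible here too, since `ct_lookup` does `n` loads instead of one, which is the overhead the abstract says Constantine's optimizations keep manageable on real programs. A compiler may re-introduce a branch when optimizing such code, so the emitted assembly still has to be checked.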
| Original language | English |
|---|---|
| Title of host publication | CCS '21 |
| Subtitle of host publication | Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security |
| Publisher | Association for Computing Machinery |
| Pages | 715-733 |
| Number of pages | 19 |
| ISBN (Electronic) | 9781450384544 |
| DOIs | |
| Publication status | Published - 2021 |
| Event | 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of |
| Duration | 15 Nov 2021 → 19 Nov 2021 |
Publication series
| Name | Proceedings of the ACM Conference on Computer and Communications Security |
|---|---|
| Volume | 2021 |
| ISSN (Print) | 1543-7221 |
Conference
| Conference | 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 |
|---|---|
| Country/Territory | Korea, Republic of |
| City | Virtual, Online |
| Period | 15/11/21 → 19/11/21 |
Bibliographical note
Publisher Copyright: © 2021 ACM.
Funding
We thank our shepherd Qi Li and the anonymous reviewers for their valuable feedback. This work was supported by the European Union’s Horizon 2020 research and innovation programme under grant agreements No. 786669 (ReAct) and 825377 (UNICORE), and by Intel Corporation through the Side Channel Vulnerability ISRA.
Keywords
- compilers
- constant-time programming
- control-flow linearization
- data-flow linearization
- side channels