FaCT: A Flexible, Constant-Time Programming Language

Sunjay Cauligi, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, Deian Stefan

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

We argue that C is unsuitable for writing timing-channel free cryptographic code that is both fast and readable. Readable implementations of crypto routines would contain high-level constructs like if statements, constructs that also introduce timing vulnerabilities. To avoid vulnerabilities, programmers must rewrite their code to dodge intuitive yet dangerous constructs, cluttering the codebase and potentially introducing new errors. Moreover, even when programmers are diligent, compiler optimization passes may still introduce branches and other sources of timing side channels. This status quo is the worst of both worlds: tortured source code that can still yield vulnerable machine code. We propose to solve this problem with a domain-specific language that permits programmers to intuitively express crypto routines and reason about secret values, and a compiler that generates efficient, timing-channel free assembly code.

Original language: English
Title of host publication: Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 69-76
Number of pages: 8
ISBN (Electronic): 9781538634677
Publication status: Published - 20 Oct 2017
Externally published: Yes
Event: 2017 IEEE Cybersecurity Development Conference, SecDev 2017 - Cambridge, United States
Duration: 24 Sept 2017 to 26 Sept 2017

Publication series

Name: Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017

Conference

Conference: 2017 IEEE Cybersecurity Development Conference, SecDev 2017
Country/Territory: United States
City: Cambridge
Period: 24/09/17 to 26/09/17

Funding

We thank David Kohlbrenner, Ariana Mirian, Hovav Shacham, and the anonymous reviewers for their insightful comments and suggestions. We give special thanks to Riad S. Wahby for his superb skill in prettifying our code snippets and formatting our paper. This work was supported in part by NSF grant CNS-1514435.

Funder: National Science Foundation, Funder number: CNS-1514435
Funder: Norsk Sykepleierforbund

    Keywords

    • constant-time programming
    • crypto implementations
    • information flow control
    • language design
    • timing leaks
