TY - GEN
T1 - FaCT
T2 - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
AU - Cauligi, Sunjay
AU - Soeller, Gary
AU - Brown, Fraser
AU - Johannesmeyer, Brian
AU - Huang, Yunlu
AU - Jhala, Ranjit
AU - Stefan, Deian
PY - 2017/10/20
Y1 - 2017/10/20
N2 - We argue that C is unsuitable for writing timing-channel free cryptographic code that is both fast and readable. Readable implementations of crypto routines would contain high-level constructs like if statements, constructs that also introduce timing vulnerabilities. To avoid vulnerabilities, programmers must rewrite their code to dodge intuitive yet dangerous constructs, cluttering the codebase and potentially introducing new errors. Moreover, even when programmers are diligent, compiler optimization passes may still introduce branches and other sources of timing side channels. This status quo is the worst of both worlds: tortured source code that can still yield vulnerable machine code. We propose to solve this problem with a domain-specific language that permits programmers to intuitively express crypto routines and reason about secret values, and a compiler that generates efficient, timing-channel free assembly code.
AB - We argue that C is unsuitable for writing timing-channel free cryptographic code that is both fast and readable. Readable implementations of crypto routines would contain high-level constructs like if statements, constructs that also introduce timing vulnerabilities. To avoid vulnerabilities, programmers must rewrite their code to dodge intuitive yet dangerous constructs, cluttering the codebase and potentially introducing new errors. Moreover, even when programmers are diligent, compiler optimization passes may still introduce branches and other sources of timing side channels. This status quo is the worst of both worlds: tortured source code that can still yield vulnerable machine code. We propose to solve this problem with a domain-specific language that permits programmers to intuitively express crypto routines and reason about secret values, and a compiler that generates efficient, timing-channel free assembly code.
KW - constant-time programming
KW - crypto implementations
KW - information flow control
KW - language design
KW - timing leaks
UR - http://www.scopus.com/inward/record.url?scp=85035801250&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85035801250&partnerID=8YFLogxK
U2 - 10.1109/SecDev.2017.24
DO - 10.1109/SecDev.2017.24
M3 - Conference contribution
AN - SCOPUS:85035801250
T3 - Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
SP - 69
EP - 76
BT - Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 September 2017 through 26 September 2017
ER -
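The abstract above describes the discipline FaCT is meant to replace: rewriting secret-dependent if statements into branch-free arithmetic by hand, with the caveat that the optimizer may turn the arithmetic back into a branch. The following C is an added illustration, not code from the paper or the FaCT project, showing the "intuitive yet dangerous" form beside the branch-free form for two common crypto building blocks, a conditional select/swap and a MAC-tag comparison. The function names, the CT_BARRIER macro and the sample tag bytes are my own constructed placeholders.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Optimization barrier (GCC/Clang extended asm): hides the value from the
 * optimizer so the mask arithmetic is less likely to be rewritten into the
 * branch we are trying to avoid. This is a mitigation, not a proof; the
 * emitted assembly still has to be checked. Falls back to a no-op elsewhere. */
#if defined(__GNUC__)
#define CT_BARRIER(x) __asm__ __volatile__("" : "+r"(x))
#else
#define CT_BARRIER(x) ((void)(x))
#endif

/* Expand a secret bit (0 or 1) to an all-zeros or all-ones 32-bit mask. */
uint32_t ct_mask(uint32_t secret_bit) {
    uint32_t mask = (uint32_t)0 - (secret_bit & 1u);
    CT_BARRIER(mask);
    return mask;
}

/* The dangerous form: which path executes depends on the secret, so the
 * instruction stream, and therefore timing, depends on it too. */
uint32_t select_branchy(uint32_t secret_bit, uint32_t a, uint32_t b) {
    if (secret_bit & 1u) {
        return a;
    }
    return b;
}

/* Branch-free form: blend a and b through the mask. Same result, but no
 * control flow that depends on secret_bit. */
uint32_t select_ct(uint32_t secret_bit, uint32_t a, uint32_t b) {
    uint32_t mask = ct_mask(secret_bit);
    return (a & mask) | (b & ~mask);
}

/* Conditional swap of two words, the primitive behind constant-time
 * scalar-multiplication ladders: swaps iff swap_bit is 1, without branching. */
void cswap_ct(uint32_t swap_bit, uint32_t *x, uint32_t *y) {
    uint32_t mask = ct_mask(swap_bit);
    uint32_t t = mask & (*x ^ *y);
    *x ^= t;
    *y ^= t;
}

/* Leaky tag comparison: returns at the first mismatch, so running time
 * reveals how many leading bytes of the guess were correct. */
int tag_equal_leaky(const uint8_t *tag, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (tag[i] != guess[i]) {
            return 0;
        }
    }
    return 1;
}

/* Constant-time tag comparison: reads every byte, OR-accumulates the
 * differences, then collapses the accumulator to 0/1 arithmetically. */
int tag_equal_ct(const uint8_t *tag, const uint8_t *guess, size_t n) {
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= (uint32_t)(tag[i] ^ guess[i]);
    }
    CT_BARRIER(acc);
    /* acc is in 0..255; (acc - 1) >> 8 is 1 only when acc == 0. */
    return (int)(((acc - 1u) >> 8) & 1u);
}

/* Constructed sample inputs; the tag bytes are placeholders, not real MACs.
 * Returns 1 when the branch-free versions agree with the branchy ones. */
int self_test(void) {
    const uint8_t tag[4]  = {0xde, 0xad, 0xbe, 0xef};
    const uint8_t good[4] = {0xde, 0xad, 0xbe, 0xef};
    const uint8_t bad[4]  = {0xde, 0xad, 0xbe, 0xee};
    uint32_t x = 1, y = 2;
    int ok = 1;
    ok &= select_ct(1, 0xAAAAAAAAu, 0x55555555u) == select_branchy(1, 0xAAAAAAAAu, 0x55555555u);
    ok &= select_ct(0, 0xAAAAAAAAu, 0x55555555u) == 0x55555555u;
    ok &= tag_equal_ct(tag, good, 4) == tag_equal_leaky(tag, good, 4);
    ok &= tag_equal_ct(tag, bad, 4) == 0;
    cswap_ct(1, &x, &y);
    ok &= (x == 2 && y == 1);
    cswap_ct(0, &x, &y);
    ok &= (x == 2 && y == 1);
    return ok;
}

int main(void) {
    printf("constant-time self test: %s\n", self_test() ? "ok" : "FAILED");
    return self_test() ? 0 : 1;
}
```

Build at -O2 and compare the disassembly (for example with objdump -d) of select_branchy against select_ct: nothing in the C source guarantees the second stays branch-free, and the empty asm barrier only discourages the optimizer, which is exactly the gap the abstract identifies and the reason the paper moves the guarantee into a dedicated compiler.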