Gary Soeller scite author profile

Real-world cryptographic code is often written in a subset of C intended to execute in constant-time, thereby avoiding timing side channel vulnerabilities. This C subset eschews structured programming as we know it: if-statements, looping constructs, and procedural abstractions can leak timing information when handling sensitive data. The resulting obfuscation has led to subtle bugs, even in widely-used highprofile libraries like OpenSSL. To address the challenge of writing constant-time cryptographic code, we present FaCT, a crypto DSL that provides high-level but safe language constructs. The FaCT compiler uses a secrecy type system to automatically transform potentially timing-sensitive high-level code into low-level, constant-time LLVM bitcode. We develop the language and type system, formalize the constant-time transformation, and present an empirical evaluation that uses FaCT to implement core crypto routines from several open-source projects including OpenSSL, libsodium, and curve25519-donna. Our evaluation shows that FaCT's design makes it possible to write readable, high-level cryptographic code, with efficient, constant-time behavior. CCS Concepts • Security and privacy → Cryptography; • Software and its engineering → General programming languages; • Theory of computation → Operational semantics.

show abstract

FaCT: A Flexible, Constant-Time Programming Language

Cauligi

Soeller

Brown

et al. 2017

View full text Add to dashboard Cite

Foundations for Parallel Information Flow Control Runtime Systems

Vassena

Soeller

Amidon

et al. 2019

View full text Add to dashboard Cite

We present the foundations for a new dynamic information flow control (IFC) parallel runtime system, LIOPAR. To our knowledge, LIOPAR is the first dynamic language-level IFC system to (1) support deterministic parallel thread execution and (2) eliminate both internaland external-timing covert channels that exploit the runtime system. Most existing IFC systems are vulnerable to external timing attacks because they are built atop vanilla runtime systems that do not account for security-these runtime systems allocate and reclaim shared resources (e.g., CPU-time and memory) fairly between threads at different security levels. While such attacks have largely been ignored-or, at best, mitigated-we demonstrate that extending IFC systems with parallelism leads to the internalization of these attacks. Our IFC runtime system design addresses these concerns by hierarchically managing resourcesboth CPU-time and memory-and making resource allocation and reclamation explicit at the language-level. We prove that LIOPAR is secure, i.e., it satisfies progress-and timing-sensitive non-interference, even when exposing clock and heap-statistics APIs.

show abstract

Evaluation Artifact for FaCT

Cauligi¹,

Soeller²,

Johannesmeyer³

et al. 2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Gary Soeller

FaCT: a DSL for timing-sensitive computation

FaCT: A Flexible, Constant-Time Programming Language

Foundations for Parallel Information Flow Control Runtime Systems

Evaluation Artifact for FaCT

Contact Info

Product

Resources

About