Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security 2021
DOI: 10.1145/3460120.3484583
|View full text |Cite
|
Sign up to set email alerts
|

Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization

Abstract: In the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks, but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side channelresistant code. Prior efforts to automatically transfo… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
20
0

Year Published

2021
2021
2023
2023

Publication Types

Select...
3
3
2

Relationship

0
8

Authors

Journals

citations
Cited by 26 publications
(27 citation statements)
references
References 63 publications
0
20
0
Order By: Relevance
“…• Finally, this study shows that the preservation of constant-time by compilers depends on multiple factors and cannot simply rely on enabling/disabling optimizations. Instead, compiler-based hardening [82,83] or property preservation [15] seem promising directions, in which Binsec/Rel could be used for validation. Experiments are performed on the programs introduced in Section 6.1 for bug-finding and bounded-verification (338 samples, 70k instructions).…”
Section: Conclusion (Rq2)mentioning
confidence: 99%
See 1 more Smart Citation
“…• Finally, this study shows that the preservation of constant-time by compilers depends on multiple factors and cannot simply rely on enabling/disabling optimizations. Instead, compiler-based hardening [82,83] or property preservation [15] seem promising directions, in which Binsec/Rel could be used for validation. Experiments are performed on the programs introduced in Section 6.1 for bug-finding and bounded-verification (338 samples, 70k instructions).…”
Section: Conclusion (Rq2)mentioning
confidence: 99%
“…Aside from a posteriori analysis, correct-by-design approaches [106,107,108,13] require to reimplement cryptographic primitives from scratch. Program transformations have been proposed to automatically transform insecure programs into (variations of) constant-time programs [109,103,104,110,111,23,112,83,111,82,113]. In particular, Raccoon and Constantine consider a constant-time leakage model and seem promising, however they operate at LLVM level and do not protect against violations introduced by backend compiler passes.…”
Section: Related Workmentioning
confidence: 99%
“…We do not claim our list to be comprehensive, especially in this currently active field of research. In particular, we did not ask about Constantine [54], Pitchfork-angr [55], Cachefix [56], and ENCoVer [57], just to name a few.…”
Section: B Tools Included In the Surveymentioning
confidence: 99%
“…Schwarzl et al [91] further optimized this approach but still observe runtime overheads of factor 1000 and more, even for comparably simple applications. Borrello et al [8] focused more on the protection of cryptographic implementations and still observe a runtime overhead of factor 3.17 to 5.07 on these relatively small examples. Hence, the problem of secret dependency on user input in large applications remains an open problem.…”
Section: Mitigationmentioning
confidence: 99%
“…Due to this significant influence of compilers on sidechannel leakage in binaries, they are also frequently used for new mitigation proposals against side-channel leakage [22], [77], [76], [17], [33], [16], [8].…”
Section: F Compiler-introduced Side Channelsmentioning
confidence: 99%