Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization
Pietro Borrello, Daniele Cono D’Elia, Leonardo Querzoni, Cristiano Giuffrida
Abstract
In the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks, but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side channel-resistant code. Prior efforts to automatically transform programs into constant-time equivalents offer limited security or compatibility guarantees, hindering their applicability to real-world software.
Topics & Concepts
Side channel attackComputer scienceControl flowSoftwareProgramming languageCode (set theory)Constant (computer programming)LinearizationChannel (broadcasting)Embedded systemDistributed computingComputer securityParallel computingCryptographyComputer networkNonlinear systemSet (abstract data type)PhysicsQuantum mechanicsSecurity and Verification in ComputingAdvanced Malware Detection TechniquesCryptographic Implementations and Security