Reconciling optimization with secure compilation

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.
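The current practice the abstract describes, as an added C example that is not taken from the paper: a duplicated check against fault injection is redundant at source level, so it is kept alive with a compiler-dependent side effect. The function names and the GCC/Clang empty-`asm` idiom are assumptions of this sketch, not the paper's opacification mechanism.

```c
#include <stdint.h>
#include <stdio.h>

/* Compiler-dependent idiom (GCC/Clang, assumed here): an empty asm statement
   declared to read and write v. After it, the optimizer can no longer prove
   that v still holds the value it had before. */
static inline uint32_t opaque_u32(uint32_t v) {
    __asm__ volatile("" : "+r"(v));
    return v;
}

/* Naive hardening: the comparison is duplicated so that one skipped branch
   does not grant access. The second test has no source-level meaning, so an
   optimizing compiler may fold it into the first. */
int pin_ok_naive(uint32_t entered, uint32_t stored) {
    if (entered != stored) return 0;
    if (entered != stored) return 0;   /* redundant: candidate for removal */
    return 1;
}

/* Same protection with both operands made opaque before the second test:
   the compiler must emit a second compare-and-branch on fresh registers. */
int pin_ok_hardened(uint32_t entered, uint32_t stored) {
    if (entered != stored) return 0;
    if (opaque_u32(entered) != opaque_u32(stored)) return 0;
    return 1;
}

/* Alternative side effect: volatile reads force two loads and two tests,
   at the cost of extra memory traffic on every check. */
int pin_ok_volatile(const volatile uint32_t *entered,
                    const volatile uint32_t *stored) {
    if (*entered != *stored) return 0;
    if (*entered != *stored) return 0;
    return 1;
}

int main(void) {
    uint32_t a = 1234u, b = 1234u;   /* constructed sample values */
    printf("%d %d %d\n", pin_ok_naive(a, b), pin_ok_hardened(a, b),
           pin_ok_volatile(&a, &b));
    return 0;
}
```

All three variants return the same results, which is the point: the difference is visible only in the generated machine code, so compare the disassembly of the naive and hardened functions at your optimization level.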
