Adaptive Compiler Strategies for Mitigating Timing Side Channel Attacks

Existing compiler techniques can transform code to make its timing behavior independent of sensitive values, preventing information leakage through timing side channels. Those techniques are hampered, however, by their static nature and by their dependence on details of the processor targeted during compilation. This paper presents a dynamic compiler approach based on offline profiles and JIT compiler strategies. This approach reduces overhead significantly and enables a trade-off between the protection provided and the overhead incurred. Furthermore, it supports adaptive policies in which the protection adapts to run-time changes in the requirements. A prototype implementation in the Jikes Research VM is evaluated on RSA encryption, HMAC key verification, and IDEA encryption.
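The transformation the abstract refers to, shown on the HMAC tag-verification case it names, as an added example that is not from the paper or the Jikes RVM prototype: a secret-dependent early-exit comparison next to the same check after its branch has been converted into a data dependence, with loop iterations counted as a constructed stand-in for execution time so the leak can be checked in a unit test. The tag value and the `iteration_profile` probe are constructed for illustration.

```python
# Added example, not code from the paper. Iteration counts stand in for time.

def early_exit_compare(expected: bytes, received: bytes):
    """Naive tag check. Returns (equal, iterations).
    The branch on a != b is secret-dependent: work stops at the first
    mismatching byte, so the iteration count reveals how long a prefix
    of the guess matched the expected tag."""
    if len(expected) != len(received):   # length is public, so this is fine
        return False, 0
    steps = 0
    for a, b in zip(expected, received):
        steps += 1
        if a != b:                       # secret-dependent control flow
            return False, steps
    return True, steps

def constant_work_compare(expected: bytes, received: bytes):
    """Same check after control dependence is turned into data dependence:
    every byte is visited and mismatches are folded into an accumulator,
    so the work done no longer depends on where the first mismatch lies."""
    if len(expected) != len(received):
        return False, 0
    steps = 0
    acc = 0
    for a, b in zip(expected, received):
        steps += 1
        acc |= a ^ b                     # arithmetic instead of a branch
    return acc == 0, steps

def iteration_profile(compare, expected: bytes):
    """Leak check (constructed probe): feed guesses that match 0..n leading
    bytes of the expected tag and record the work each one causes.
    A list that varies with the matched prefix is a timing leak; a flat
    list means the comparison's cost is independent of the secret."""
    n = len(expected)
    counts = []
    for k in range(n + 1):
        guess = expected[:k] + bytes(expected[i] ^ 0xFF for i in range(k, n))
        counts.append(compare(expected, guess)[1])
    return counts

EXPECTED_TAG = bytes.fromhex("0badc0ffee")   # constructed 5-byte tag

if __name__ == "__main__":
    print("early exit   :", iteration_profile(early_exit_compare, EXPECTED_TAG))
    print("constant work:", iteration_profile(constant_work_compare, EXPECTED_TAG))
```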
