Structured Leakage and Applications to Cryptographic Constant-Time and Cost

Many security properties of interest are captured by instrumented semantics that model the functional behavior and the leakage of programs. For several important properties, including cryptographic constant-time (CCT), leakage models are sufficiently abstract that one can define instrumented semantics for high-level and low-level programs. One important goal is then to relate leakage of source programs and leakage of their compilation---this can be used, e.g., to prove preservation of CCT. To simplify this task, we put forward the idea of structured leakage. In contrast to the usual modeling of leakage as a sequence of observations, structured leakage is tightly coupled with the operational semantics of programs. This coupling greatly simplifies the definition of leakage transformers that map the leakage of source programs to leakage of their compilation and yields more precise statements about the preservation of security properties. We illustrate our methods on the Jasmin compiler and prove preservation results for two policies of interest: CCT and cost.
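The contrast between a flat sequence of observations and leakage coupled to the operational semantics, as an added Python sketch that is not from the paper or the Jasmin compiler: a toy instrumented semantics whose leakage mirrors the program structure, a lowering pass that turns index-based loads into absolute-address loads, and a leakage transformer written by recursion on that structure, from which CCT preservation follows. The toy language, the leakage model (branches leak the condition, loads leak the index or the address) and the base-address table are all assumptions.

```python
# Toy model added here (not from the paper or Jasmin). Assumed leakage model:
# branches leak the condition, loads leak the index (source) or the absolute
# address (target); the array base table is fixed by the lowering pass.
BASE = {"tab": 0x1000}   # constructed base address used by the lowered program
WORD = 8

def run(stmts, env):
    """Instrumented semantics: execute stmts, return leakage as a tree."""
    leak = []
    for s in stmts:
        if s[0] == "assign":                  # ("assign", x, f): x := f(env)
            env[s[1]] = s[2](env)
            leak.append(("assign",))
        elif s[0] in ("load", "loadabs"):     # (op, x, arr, i): x := arr[i]
            idx = env[s[3]]
            env[s[1]] = env[s[2]][idx]
            leak.append(("addr", s[2], idx) if s[0] == "load"
                        else ("addr", BASE[s[2]] + WORD * idx))
        elif s[0] == "if":                    # ("if", c, then, else)
            b = env[s[1]] != 0
            leak.append(("if", b, run(s[2] if b else s[3], env)))
    return leak

def lower(stmts):
    """Compilation pass: index-based loads become absolute-address loads."""
    return [("loadabs", s[1], s[2], s[3]) if s[0] == "load"
            else ("if", s[1], lower(s[2]), lower(s[3])) if s[0] == "if"
            else s for s in stmts]

def transform(leak):
    """Leakage transformer by recursion on the leakage structure; a flat list of
    observations would not say which array an 'addr' came from."""
    return [("addr", BASE[l[1]] + WORD * l[2]) if l[0] == "addr"
            else ("if", l[1], transform(l[2])) if l[0] == "if"
            else l for l in leak]

def is_cct(stmts, env_a, env_b):
    """CCT for two states that agree on public inputs: leakage coincides."""
    return run(stmts, dict(env_a)) == run(stmts, dict(env_b))

def target_leak_is_transformed(stmts, env):
    """Preservation lemma: target leakage == transform(source leakage)."""
    return run(lower(stmts), dict(env)) == transform(run(stmts, dict(env)))

# Constructed programs: GOOD branches and indexes on public data only; BAD
# indexes the table with the secret, so its address leakage reveals it.
GOOD = [("if", "pub", [("load", "x", "tab", "pub")], [("assign", "x", lambda e: 0)])]
BAD = [("load", "x", "tab", "sec")]
ENV_A = {"pub": 1, "sec": 2, "tab": [10, 20, 30]}   # same public, different secret
ENV_B = {"pub": 1, "sec": 0, "tab": [10, 20, 30]}
```

Because `transform` is a function of the source leakage alone, equal source leakages yield equal target leakages, which is exactly why CCT carries over through the pass.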
