Compiler mitigations for time attacks on modern x86 processors

Transactions on Architecture and Code Optimization

Volumn 8, Issue 4, 2012, Pages

  Van Cleemput, Jeroen ^a   Coppens, Bart ^a   De Sutter, Bjorn ^a  

^a GHENT UNIVERSITY   (Belgium)

Author keywords

Time based side channels; Variable latency instructions; X86 architecture

Indexed keywords

AUTOMATED SUPPORT; CODE TRANSFORMATION; COMPILER TECHNIQUES; DATA FLOW; EXECUTION TIME; SIDE CHANNEL ATTACK; SIDE-CHANNEL; TIMING INFORMATION; VARIABLE LATENCY INSTRUCTIONS;

COMPUTER ARCHITECTURE; COSINE TRANSFORMS; SENSITIVITY ANALYSIS;

PROGRAM COMPILERS;

EID: 84857879863     PISSN: 15443566     EISSN: 15443973     Source Type: Journal    
DOI: 10.1145/2086696.2086702     Document Type: Article

References (48)

1. ACIIÇMEZ, O. 2007. Yet another microarchitectural attack: exploiting I-Cache. In Proceedings of the ACM Workshop on Computer Security Architecture (CSAW'07). 11-18.
2. ACIIÇMEZ, O., BRUMLEY, B. B., AND GRABHER, P. 2010. New results on instruction cache attacks. In Proceedings of the 12th International Conference on Cryptographic Hardware and Embedded Systems (CHES'10). 110-124.
3. ACIIÇMEZ, O. AND KOÇ, Ç. 2006. Trace-driven cache attacks on AES. In Information and Communications Security. Lecture Notes in Computer Science Series, vol. 4307, 112-121.
4. ACIIÇMEZ, O., KOÇ, Ç., AND SEIFERT, J.-P. 2007a. On the power of simple branch prediction analysis. In Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS'07). 312-320.
5. ACIIÇMEZ, O., KOÇ, Ç., AND SEIFERT, J.-P. 2007b. Predicting secret keys via branch prediction. In Topics in Cryptology, the Cryptographers Track at the RSA Conference (CT-RSA'07). 225-242.
6. ACIIÇMEZ, O., SCHINDLER, W., AND KOÇ, Ç . 2007. Cache based remote timing attack on the AES. In Topics in Cryptology, The Cryptographers Track at the RSA Conference (CT-RSA'07). 271-286.
7. ARM Limited 2004. ARM7TDMI Technical Reference Manual (Revision r4p1). ARM Limited.
8. BATINA, L., GIERLICHS, B., PROUFF, E., RIVAIN, M., STANDAERT, F.-X., AND VEYRAT-CHARVILLON, N. 2011. Mutual information analysis: a comprehensive study. J. Cryptology 24, 2, 269-291.
9. BAYRAK, A. G., REGAZZONI, F., BRISK, P., STANDAERT, F.-X., AND IENNE, P. 2011. A first step towards automatic application of power analysis countermeasures. In Proceedings of the 48th Design Automation Conference (DAC'11). 230-235.
10. BERNSTEIN, D. J. 2005. Cache-timing attacks on AES. Tech. rep., The University of Illinois at Chicago.
11. BONNEAU, J. AND MIRONOV, I. 2006. Cache-collision timing attacks against AES. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems (CHES'06). 201-215. (Pubitemid 44710731)
12. BRICKELL, E., GRAUNKE, G., NEVE, M., AND SEIFERT, J.-P. 2006. Software mitigations to hedge AES against cache-based software side channel vulnerabilities. Cryptology ePrint Archive, rep. 2006/052.
13. BRUMLEY, B. B. AND HAKALA, R. M. 2009. Cache-timing template attacks. In Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT '09). 667-684.
14. BRUMLEY, B. B. AND TUVERI, N. 2011. Remote timing attacks are still practical. Cryptology ePrint Archive, rep. 2011/232.
15. BRUMLEY, D. AND BONEH, D. 2005. Remote timing attacks are practical. Computer Netw. 48, 5, 701-716. (Pubitemid 40684158)
16. COKE, J., BALIG, H., COORAY, N., GAMSARAGAN, E., SMITH, P., YOON, K., ABEL, J., AND VALLES, A. 2008. Improvements in the Intel Core 2 processor family architecture and microarchitecture. Intel Technol. J. 12, 3, 179-192.
17. COPPENS, B., VERBAUWHEDE, I., DE BOSSCHERE, K., AND DE SUTTER, B. 2009. Practical mitigations for timingbased side-channel attacks on modern x86 processors. In Proceedings of the 30th IEEE Symposium on Security and Privacy (S&P'09). 45-60.
18. CROSBY, S. A., WALLACH, D. S., AND RIEDI, R. H. 2009. Opportunities and limits of remote timing attacks. ACM Trans. Info. Syst. Sec. 12, 3, 17:1-17:29.
19. DHEM, J.-F., KOEUNE, F., LEROUX, P.-A., MESTRÉ, P., QUISQUATER, J.-J., AND WILLEMS, J.-L. 1998. A practical implementation of the timing attack. In Proceedings of the International Conference on Smart Card Research and Applications (CARDIS'98). 167-182.
20. DOWECK, J. 2006. Inside Intel Core microarchitecture and smart memory access. Tech. rep., Intel Corporation.
21. FOG, A. 2011. Instruction tables: Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs. Tech. rep., Copenhagen University of Engineering.
22. GEORGES, A., BUYTAERT, D., AND EECKHOUT, L. 2007. Statistically rigorous java performance evaluation. SIGPLAN Notices 42, 10, 57-76.
23. GIERLICHS, B., BATINA, L., TUYLS, P., AND PRENEEL, B. 2008. Mutual information analysis. In Proceedings of the 10th International Workshop on Cryptographic Hardware and Embedded Systems (CHES'08). 426-442.
24. GRANLUND, T. 2011. Instruction latencies and throughput for AMD and Intel x86 processors. Tech. rep.
25. GROSZSCHAEDL, J., OSWALD, E., PAGE, D., AND TUNSTALL, M. 2009. Side channel analysis of cryptographic software via early-terminating multiplications. In Proceedings of the 12th International Conference on Information Security and Cryptology (ICISC'09). 176-192.
26. GUAJARDO, J. AND MENNINK, B. 2010. Towards side-channel resistant block cipher usage or can we encrypt without side-channel countermeasures. Cryptology ePrint Archive, rep. 2010/015.
27. GUERON, S. 2008. Advanced encryption standard (AES) instructions set. Tech. rep., Intel Mobility Group.
28. GULLASCH, D., BANGERTER, E., AND KRENN, S. 2010. Cache games - bringing access based cache attacks on aes to practice. Cryptology ePrint Archive, rep. 2010/594.
29. HEDIN, D. AND SANDS, D. 2005. Timing aware information flow security for a Javacard-like bytecode. Electron. Notes Theoret. Comput. Science 141, 1, 163-182. (Pubitemid 41689008)
30. INTEL CORPORATION 2010. Using Intel VTune performance analyzer to optimize software on Intel Core i7 processors. Intel Corporation.
31. INTEL CORPORATION 2011. Intel 64 and IA-32 Architectures Optimization Reference Manual. Intel Corporation.
32. JOYE, M. AND YEN, S.-M. 2003. Themontgomery powering ladder. In Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES'03). 291-302.
33. KOCHER, P. C. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'96). 104-113. (Pubitemid 126106234)
34. KOCHER, P. C., JAFFE, J., AND JUN, B. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'99). 388-397.
35. KÖPF, B. AND BASIN, D. 2007. An information-theoretic model for adaptive side-channel attacks. In Proceedings of the 14th ACM CAonference on Computer and Communications Security (CCS'07). 286-296.
36. KÖPF, B. AND DÜRMUTH, M. 2009. A provably secure and efficient countermeasure against timing attacks. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF'09). 324-335.
37. LATTNER, C. AND ADVE, V. 2003. LLVM: A compilation framework for lifelong program analysis & transformation. Tech. rep., Univ. of Illinois at Urbana-Champaign.
38. LAURADOUX, C. 2005. Collision attacks on processors with cache and countermeasures. In Proceedings of the Western European Workshop on Research in Cryptology (WEWoRC'05). 76-85.
39. MENEZES, A. J., VAN OORSCHOT, P. C., AND VANSTONE, S. A. 2001. Handbook of Applied Cryptography. CRC Press.
40. MOLNAR, D., PIOTROWSKI, M., SCHULTZ, D., AND WAGNER, D. 2005. The program counter security model: Automatic detection and removal of control-flow side channel attacks. In Proceedings of the International Conference Information Security and Cryptology (ICISC'05). 156-168. (Pubitemid 44029531)
41. MYTKOWICZ, T., DIWAN, A., HAUSWIRTH, M., AND SWEENEY, P. F. 2009. Producing wrong data without doing anything obviously wrong! In Proceeding of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'09). 265-276.
42. NEVE, M. AND SEIFERT, J.-P. 2007. Advances on access-driven cache attacks on AES. In Proceedings of the 13th International Conference on Selected Areas in Cryptography (SAC'06). 147-162.
43. OSVIK, D. A., SHAMIR, A., AND TROMER, E. 2006. Cache attacks and countermeasures: The case of AES. In Topics in Cryptology, The Cryptographers Track at the RSA Conference (CT-RSA'06). 1-20. (Pubitemid 43971699)
44. RISTENPART, T., TROMER, E., SHACHAM, H., AND SAVAGE, S. 2009. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09). 199-212.
45. SHEN, J. AND LIPASTI, M. 2005. Modern Processor Design: Fundamentals of Superscalar Processors. McGraw-Hill.
46. UHSADEL, L., GEORGES, A., AND VERBAUWHEDE, I. 2008. Exploiting hardware performance counters. In Proceedings of the 5th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC'08). 59-67.
47. WANG, Z. AND LEE, R. B. 2006. Covert and side channels due to processor architecture. In Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC'06). 473-482. (Pubitemid 351232939)
48. WANG, Z. AND LEE, R. B. 2007. New cache designs for thwarting software cache-based side channel attacks. SIGARCH Comput. Architec. News 35, 2, 494-505. (Pubitemid 47582127)