Motivation
Constant-time programs are immune to side-channel attacks but are vulnerable when executed speculatively.
Previous studies have proposed protections that disable speculation on secret data, and the overhead largely depends on how precisely public data and secret data are distinguished.
I studied several prior works on transient attack protections and discovered that some made massive hardware changes for precision, while others introduced mild hardware features but were coarse-grained or relied on manual binary patching.
With these observations, I sought to leverage properties of constant-time programs and software analysis to simplify the hardware while maintaining high precision in secret classification.
Approaches
I managed to relieve the hardware by assigning each page a static label of being secret or not, instead of maintaining each byte’s secret status dynamically.
Since a stack page may encompass both public and secret data, we designed an ahead-of-time analysis framework that automates the rearrangement of the stack layout of the binary, moving secret objects to a shadow stack on another page.
I implemented the simplified hardware features, including taint tracking and defense mechanisms, in Gem5, as well as a dynamic binary instrumentation plugin in Valgrind that helps analyze the binary and rewrite the instructions to separate public and secret data on the stack. The same step is ignored or done manually in previous works.
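The following is an added illustration, not code from this project: a small C model of why page-granular labels need the stack split. It counts secret/public object pairs that share a page before and after secret objects are moved to a shadow stack. The record layout, function names, page size, and addresses are assumptions made for the example, and the model places objects upward from a base address for simplicity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096u  /* assumed page size */

/* One stack object as an analysis pass might report it (hypothetical record). */
struct obj { const char *name; uint64_t size, align; int secret; uint64_t addr; };

static uint64_t align_up(uint64_t x, uint64_t a) { return (x + a - 1) & ~(a - 1); }

/* Assign addresses upward from `stack`; with split != 0, secret objects are
 * placed from `shadow` (a different page) instead. */
void place(struct obj *o, size_t n, uint64_t stack, uint64_t shadow, int split) {
    for (size_t i = 0; i < n; i++) {
        uint64_t *cur = (split && o[i].secret) ? &shadow : &stack;
        o[i].addr = align_up(*cur, o[i].align);
        *cur = o[i].addr + o[i].size;
    }
}

/* True when the two objects touch at least one common page. */
static int shares_page(const struct obj *a, const struct obj *b) {
    uint64_t a0 = a->addr / PAGE, a1 = (a->addr + a->size - 1) / PAGE;
    uint64_t b0 = b->addr / PAGE, b1 = (b->addr + b->size - 1) / PAGE;
    return a0 <= b1 && b0 <= a1;
}

/* Number of (secret, public) pairs on a common page: each one is a case a
 * single static per-page label cannot classify precisely. */
int conflicts(const struct obj *o, size_t n) {
    int c = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            if (o[i].secret && !o[j].secret && shares_page(&o[i], &o[j])) c++;
    return c;
}

/* Constructed sample frame of a cipher routine; addresses are made up. */
int demo(int split) {
    struct obj f[] = {
        {"len", 8, 8, 0, 0}, {"key", 32, 16, 1, 0}, {"iv", 16, 16, 0, 0},
        {"round_keys", 176, 16, 1, 0}, {"out", 64, 16, 0, 0},
    };
    place(f, 5, 0x7ffe0000u, 0x7ffd0000u, split);
    return conflicts(f, 5);
}

int main(void) { printf("mixed: %d, split: %d\n", demo(0), demo(1)); return 0; }
```

With the original single-frame layout every secret object shares its page with every public one; after the split no page holds both, so one static label per page classifies each byte correctly.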
The project is still in progress.