TY - GEN
T1 - Declassiflow
T2 - 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
AU - Choudhary, Rutvik
AU - Wang, Alan
AU - Zhao, Zirui Neil
AU - Morrison, Adam
AU - Fletcher, Christopher W.
N1 - Publisher Copyright:
© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2023/11/15
Y1 - 2023/11/15
N2 - Speculative execution attacks undermine the security of constant-time programming, the standard technique used to prevent microarchitectural side channels in security-sensitive software such as cryptographic code. Constant-time code must therefore also deploy a defense against speculative execution attacks to prevent leakage of secret data stored in memory or the processor registers. Unfortunately, contemporary defenses, such as speculative load hardening (SLH), can only satisfy this strong security guarantee at a very high performance cost. This paper proposes Declassiflow, a static program analysis and protection framework to efficiently protect constant-time code from speculative leakage. Declassiflow models “attacker knowledge”-data which is inherently transmitted (or, implicitly declassified) by the code's non-speculative execution-and statically removes protection on such data from points in the program where it is already guaranteed to leak non-speculatively. Overall, Declassiflow ensures that data which never leaks during the non-speculative execution does not leak during speculative execution, but with lower overhead than conservative protections like SLH.
AB - Speculative execution attacks undermine the security of constant-time programming, the standard technique used to prevent microarchitectural side channels in security-sensitive software such as cryptographic code. Constant-time code must therefore also deploy a defense against speculative execution attacks to prevent leakage of secret data stored in memory or the processor registers. Unfortunately, contemporary defenses, such as speculative load hardening (SLH), can only satisfy this strong security guarantee at a very high performance cost. This paper proposes Declassiflow, a static program analysis and protection framework to efficiently protect constant-time code from speculative leakage. Declassiflow models “attacker knowledge”-data which is inherently transmitted (or, implicitly declassified) by the code's non-speculative execution-and statically removes protection on such data from points in the program where it is already guaranteed to leak non-speculatively. Overall, Declassiflow ensures that data which never leaks during the non-speculative execution does not leak during speculative execution, but with lower overhead than conservative protections like SLH.
KW - Software-based defense
KW - Speculative execution attacks
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85179841697&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85179841697&partnerID=8YFLogxK
U2 - 10.1145/3576915.3623065
DO - 10.1145/3576915.3623065
M3 - Conference contribution
AN - SCOPUS:85179841697
T3 - CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
SP - 2053
EP - 2067
BT - CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 26 November 2023 through 30 November 2023
ER -