Hardware Support for Constant-Time Programming

Yuanqing Miao, Mahmut Taylan Kandemir, Danfeng Zhang, Yingtian Zhang, Gang Tan, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Side-channel attacks are one of the rising security concerns in modern computing platforms. Observing this, researchers have proposed both hardware-based and software-based strategies to mitigate side-channel attacks, targeting not only on-chip caches but also other hardware components like memory controllers and on-chip networks. While hardware-based solutions to side-channel attacks are usually costly to implement as they require modifications to the underlying hardware, software-based solutions are more practical as they can work on unmodified hardware. One of the recent software-based solutions is constant-time programming, which tries to transform an input program to be protected against side-channel attacks such that an operation working on a data element/block to be protected would execute in an amount of time that is independent of the input. Unfortunately, while quite effective from a security angle, constant-time programming can lead to severe performance penalties. Motivated by this observation, in this paper, we explore novel hardware support to make constant-time programming much more efficient than its current implementations. Specifically, we present a new hardware component that can greatly improve the performance of constant-time programs with large memory footprints. The key idea in our approach is to add a small structure into the architecture and two accompanying instructions, which collectively expose the existence/dirtiness information of multiple cache lines to the application program, so that the latter can perform more efficient side-channel mitigation. Our experimental evaluation using three benchmark programs with secret data clearly show the effectiveness of the proposed approach over a state-of-the-art implementation of constant-time programming. Specifically, in the three benchmark programs tested, our approach leads to about 7x reduction in performance overheads over the state-of-the-art approach.

Original languageEnglish (US)
Title of host publicationProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2023
PublisherAssociation for Computing Machinery, Inc
Pages856-870
Number of pages15
ISBN (Electronic)9798400703294
DOIs
StatePublished - Oct 28 2023
Event56th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2023 - Toronto, Canada
Duration: Oct 28 2023Nov 1 2023

Publication series

NameProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2023

Conference

Conference56th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2023
Country/TerritoryCanada
CityToronto
Period10/28/2311/1/23

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Renewable Energy, Sustainability and the Environment

Cite this