SP 2009, Date: 2009/05/17 - 2009/05/20, Location: CA, Berkeley
IEEE Symposium on Security and Privacy (SP 2009)
Author:
Keywords:
cosic, Science & Technology, Technology, Computer Science, Theory & Methods, Engineering, Electrical & Electronic, Computer Science, Engineering, iMinds
Abstract:
This paper studies and evaluates the extent to which automated compiler techniques can defend against timing-based side-channel attacks on modern x86 processors. We study how modern x86 processors can leak timing information through sidechannels that relate to control flow and data flow. To eliminate key-dependent control flow and key-dependent timing behavior related to control flow, we propose the use of if-conversion in a compiler backend, and evaluate a proof-of-concept prototype implementation. Furthermore, we demonstrate two ways in which programs that lack key-dependent control flow and keydependent cache behavior can still leak timing information on modern x86 implementations such as the Intel Core 2 Duo, and propose defense mechanisms against them. © 2009 IEEE.