
Eliminating Timing Side-Channel Leaks using Program Repair

Meng Wu (Virginia Tech, Blacksburg, VA, USA), Shengjian Guo (Virginia Tech, Blacksburg, VA, USA), Patrick Schaumont (Virginia Tech, Blacksburg, VA, USA), Chao Wang (University of Southern California, Los Angeles, CA, USA)

ABSTRACT

We propose a method, based on program analysis and transformation, for eliminating timing side channels in software code that implements security-critical applications. Our method takes as input the original program together with a list of secret variables (e.g., cryptographic keys, security tokens, or passwords) and returns the transformed program as output. The transformed program is guaranteed to be functionally equivalent to the original program and free of both instruction- and cache-timing side channels. Specifically, we ensure that the number of CPU cycles taken to execute any path is independent of the secret data, and the cache behavior of memory accesses, in terms of hits and misses, is independent of the secret data. We have implemented our method in LLVM and validated its effectiveness on a large set of applications, which are cryptographic libraries with 19,708 lines of C/C++ code in total. Our experiments show the method is both scalable for real applications and effective in eliminating timing side channels.

CCS CONCEPTS

• Security and privacy → Cryptanalysis and other attacks; • Software and its engineering → Compilers; Formal software verification;

KEYWORDS

Side-channel attack, countermeasure, cache, timing, static analysis, abstract interpretation, program synthesis, program repair

ACM Reference Format:
Meng Wu, Shengjian Guo, Patrick Schaumont, and Chao Wang. 2018. Eliminating Timing Side-Channel Leaks using Program Repair. In Proceedings of 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'18). ACM, New York, NY, USA, 12 pages. https://doi.org/10.1145/3213846.3213851

arXiv:1806.02444v2 [cs.CR] 21 Jul 2018

1 INTRODUCTION

Side-channel attacks have become increasingly relevant to a wide range of applications in distributed systems, cloud computing and the Internet of things (IoT) where timing characteristics may be exploited by an adversary to deduce information about secret data, including cryptographic keys, security tokens and passwords [24, 53, 54, 61, 67, 83]. Generally speaking, timing side channels exist whenever the time taken to execute a piece of software code depends on the values of secret variables. In this work, we are concerned with two types of timing side channels: instruction-related and cache-related. By instruction-related timing side channels, we mean the number or type of instructions executed along a path may differ depending on the values of secret variables, leading to differences in the number of CPU cycles. By cache-related timing side channels, we mean the memory subsystem may behave differently depending on the values of secret variables, e.g., a cache hit takes few CPU cycles but a miss takes hundreds of cycles.

Manually analyzing the timing characteristics of software code is difficult because it requires knowledge of not only the application itself but also the micro-architecture of the computer, including the cache configuration and how software code is compiled to machine code. Even if a programmer is able to conduct the aforementioned analysis manually, it would be too labor-intensive and error-prone in practice: with every code change, the software has to be re-analyzed and the countermeasures have to be re-applied to ensure a uniform execution time for all possible values of the secret variables. It is also worth noting that straightforward countermeasures such as noise injection (i.e., adding random delay to the execution) do not work well in practice, because noise can be removed using well-established statistical analysis techniques [53, 54].

Thus, we propose a fully automated method for mitigating timing side channels. Our method relies on static analysis to identify, for a program and a list of secret inputs, the set of variables whose values depend on the secret inputs. To decide if these sensitive program variables lead to timing leaks, we check if they affect unbalanced conditional jumps (instruction-related timing leaks) or accesses of memory blocks spanning across multiple cache lines (cache-related timing leaks). Based on the results of this analysis, we perform code transformations to mitigate the leaks by equalizing the execution time. Although our framework is general enough for a broad range of applications, in this work we focus on implementing a software tool based on LLVM [6] and evaluating its effectiveness on real cryptographic software.

Figure 1 shows the overall flow of our tool, SC-Eliminator, whose input consists of the program and a list of secret variables. First, we parse the program to construct its intermediate representation inside the LLVM compiler. Then, we conduct a series of static analyses to identify the sensitive variables and the timing leaks associated with these variables. Next, we conduct two types of code transformations to remove the leaks. One transformation aims to eliminate the differences in execution time caused by unbalanced conditional jumps, while the other transformation aims to eliminate the differences in the number of cache hits/misses during the accesses of look-up tables such as S-Boxes.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
ISSTA'18, July 16–21, 2018, Amsterdam, Netherlands
© 2018 Association for Computing Machinery.
ACM ISBN 978-1-4503-5699-2/18/07...$15.00
https://doi.org/10.1145/3213846.3213851

Figure 1: SC-Eliminator: a tool for detecting and mitigating both instruction- and cache-timing side channels. (Figure: Original Program → Detection [Sensitivity Analysis, Static Cache Analysis] → Mitigation [Unify Sensitive Branches, Equalize Cache Accesses] → LLVM Bit-code → Machine Code → GEM5 Simulation.)

Conceptually, these transformations are straightforward: if we equalize the execution time of both sensitive conditional statements and sensitive memory accesses, there will be no instruction- or cache-timing leaks. However, since both transformations adversely affect the runtime performance, they must be applied judiciously to remain practical. Thus, a main technical challenge is to develop analysis techniques to decide when these countermeasures are not needed and thus can be skipped safely.

Toward this end, we propose a static sensitivity analysis to propagate sensitivity tags from user-annotated (secret) inputs to other parts of the program. The goal is to identify all variables that may depend transitively on the secret inputs. Since the analysis is static and thus has to be conservative, it detects potential timing leaks, e.g., unbalanced branches guarded by sensitive variables. We also propose a static cache analysis to identify the set of program locations where memory accesses always lead to cache hits. This must-hit analysis [40, 41], following the general framework of abstract interpretation [30], is designed to be conservative in that a reported must-hit is guaranteed to be a hit along all paths. Thus, it can be used by our tool to skip redundant mitigations.

To demonstrate that the timing leaks reported by our tool are real and to evaluate the accuracy of our static analyses, we also compile the original and mitigated software to machine code and carefully analyze their timing characteristics using GEM5 [21], a cycle-accurate micro-architectural CPU simulator.

the performance of cryptographic algorithms; Botan [1], a cryptographic library written in C++11; and Libgcrypt [3], the GNU library. In total, they have 19,708 lines of C/C++ code. Our experiments show the tool is scalable for these real applications: in all cases, the static analysis took only a few seconds while the transformation took less than a minute. Furthermore, the mitigated software has only moderate increases in code size and runtime overhead. Finally, with GEM5 simulation, we were able to confirm that both instruction- and cache-timing leaks were indeed eliminated.

To summarize, this paper makes the following contributions:
• We propose a static analysis and transformation based method for eliminating instruction- and cache-timing side channels.
• We implement the proposed method in a software tool based on LLVM, targeting cryptographic software written in C/C++.
• We evaluate our tool on a large number of applications to demonstrate its scalability and effectiveness.

The remainder of this paper is organized as follows. First, we use examples to illustrate instruction- and cache-timing side channels in Section 2, before defining the notations in Section 3. We present our methods for detecting timing leaks in Section 4 and for mitigating timing leaks in Sections 5 and 6. We present our experimental results in Section 7, review the related work in Section 8, and finally, give our conclusions in Section 9.

2 MOTIVATION

In this section, we use real examples to illustrate various types of timing leaks in cryptographic software.

2.1 Conditional Jumps Affected by Secret Data

An unbalanced if-else statement whose condition is affected by secret data may have side-channel leaks, because the then- and else-branches will have different execution time. Figure 2 shows the C code of a textbook implementation of a 3-way cipher [76], where the variable a is marked as secret and it affects the execution time of the if-statements. By observing the timing variation, an
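As an added example (not code from the paper or its tool), the pattern Section 2.1 describes: an unbalanced branch whose condition depends on a secret, beside the branch-free form in the spirit of the "unify sensitive branches" transformation, where both candidate values are always computed and one is selected with an arithmetic mask. The functions, constants and input sweep are constructed for illustration; a check confirms the two forms are functionally equivalent.

```c
#include <stdint.h>
#include <stdio.h>

/* Original form (constructed example): the then-branch does more
 * work than the else-branch, so the number of instructions executed
 * depends on the low bit of the secret `a`. */
uint32_t step_leaky(uint32_t a, uint32_t x, uint32_t y)
{
    if (a & 1u)                                    /* secret-dependent jump */
        return (x ^ y) * 0x9E3779B9u + (x >> 3);   /* long path */
    return x;                                      /* short path */
}

/* Branch-free mask: 0xFFFFFFFF when c != 0, 0 when c == 0.
 * (c | -c) has its top bit set exactly when c is non-zero; shifting it
 * down yields 0 or 1, and 0u minus that yields the full mask. */
uint32_t ct_mask_nonzero(uint32_t c)
{
    return 0u - ((c | (0u - c)) >> 31);
}

/* Unified form: both candidate results are always computed, then one
 * is selected with the mask, so the path taken (and its instruction
 * count) no longer depends on `a`. */
uint32_t step_unified(uint32_t a, uint32_t x, uint32_t y)
{
    uint32_t then_val = (x ^ y) * 0x9E3779B9u + (x >> 3);
    uint32_t else_val = x;
    uint32_t m = ct_mask_nonzero(a & 1u);
    return (then_val & m) | (else_val & ~m);
}

/* Functional-equivalence check over a sweep of inputs: returns 1 if
 * the leaky and unified forms agree everywhere, 0 otherwise. */
int check_equivalent(void)
{
    for (uint32_t a = 0; a < 16; a++)
        for (uint32_t i = 0; i < 256; i++) {
            uint32_t x = i * 0x01010101u, y = (~i) * 0x10001u;
            if (step_leaky(a, x, y) != step_unified(a, x, y))
                return 0;
        }
    return 1;
}

int main(void)
{
    printf("equivalent: %s\n", check_equivalent() ? "yes" : "no");
    return 0;
}
```

An optimizing compiler is free to turn a source-level select back into a conditional jump, which is why the paper applies its transformation to LLVM bit-code and confirms the result on machine code with GEM5 simulation rather than trusting source patterns.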