Side-channel attacks try to gain information about the secret data in sensitive
programs by leveraging the difference between an algorithm and its
implementation. The most common side-channel vulnerabilities arise from timing
variations in program execution, memory access patterns, memory, power, and
network consumption, response size, electromagnetic emissions, and acoustics
that could be tied back to secret information. For these reasons, sensitive
programs (e.g., real-world cryptographic code) are written in a constant-time
fashion to avoid timing side-channel vulnerabilities. In this thesis, we
present a constant-time compilation framework to automatically generate
constant-time programs from traditionally written source code. This framework
consists of 3 parts: 1) source-to-source transformation to rewrite the programs
into constant-time counterparts, 2) automatic detection and mitigation of the
non-constant-time hardware operations for the targeted architecture, and 3)
acceleration of unbalanced secret-dependent branches to reduce the overhead of
flattened control-flow. Our framework is able to mitigate the majority of DARPA
STAC benchmarks along with vulnerabilities in real-world projects such as
OpenSSL and PGP.