UC Irvine

Side-channel attacks try to gain information about the secret data in sensitiveprograms through leveraging the difference between the algorithm and its implementation. Most common side-channel vulnerabilities arise from timing variations in program execution, memory access patterns, memory, power, and network consumption, response size, electromagnetic emissions, and acoustics that could be tied back to secret information. For these reasons, sensitive programs (e.g., real-world cryptographic code) are written in a constant-time fashion to avoid timing side-channel vulnerabilities. In this thesis, we present a constant-time compilation framework to automatically generate constant-time programs from traditionally written source code. This framework consists of 3 parts: 1) source-to-source transformation to rewrite the programs into constant-time counterparts, 2) automatically detecting and mitigating the non-constant-time hardware operations for the targeted architecture and 3) accelerating unbalanced secret dependent branches to reduce the overhead of flattened control-flow. Our framework is able to mitigate the majority of DARPA STAC benchmarks along with vulnerabilities in real-world projects such as OpenSSL and PGP.