Raccoon: Closing Digital Side-Channels through Obfuscated Execution
Ashay Rane, Calvin Lin, and Mohit Tiwari, The University of Texas at Austin
Side-channel attacks monitor some aspect of a computer system’s behavior to infer the values of secret data. Numerous side-channels have been exploited, including those that monitor caches, the branch predictor, and the memory address bus. This paper presents a method of defending against a broad class of side-channel attacks, which we refer to as digital side-channel attacks. The key idea is to obfuscate the program at the source code level to provide the illusion that many extraneous program paths are executed. This paper describes the technical issues involved in using this idea to provide confidentiality while minimizing execution overhead. We argue about the correctness and security of our compiler transformations and demonstrate that our transformations are safe in the context of a modern processor. Our empirical evaluation shows that our solution is 8.9x faster than prior work (GhostRider [20]) that specifically defends against memory trace-based side-channel attacks.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {190908,
author = {Ashay Rane and Calvin Lin and Mohit Tiwari},
title = {Raccoon: Closing Digital {Side-Channels} through Obfuscated Execution},
booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
year = {2015},
isbn = {978-1-939133-11-3},
address = {Washington, D.C.},
pages = {431--446},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/rane},
publisher = {USENIX Association},
month = aug
}
