Visible to the public Compiler-Assisted Loop Hardening Against Fault Attacks

TitleCompiler-Assisted Loop Hardening Against Fault Attacks
Publication TypeJournal Article
Year of Publication2017
AuthorsProy, Julien, Heydemann, Karine, Berzati, Alexandre, Cohen, Albert
JournalACM Trans. Archit. Code Optim.
Volume14
Pagination36:1–36:25
ISSN1544-3566
Keywordscompiler, compiler security, composability, physical attacks, pubcrawl, Resiliency, software protection
AbstractSecure elements widely used in smartphones, digital consumer electronics, and payment systems are subject to fault attacks. To thwart such attacks, software protections are manually inserted requiring experts and time. The explosion of the Internet of Things (IoT) in home, business, and public spaces motivates the hardening of a wider class of applications and the need to offer security solutions to non-experts. This article addresses the automated protection of loops at compilation time, covering the widest range of control- and data-flow patterns, in both shape and complexity. The security property we consider is that a sensitive loop must always perform the expected number of iterations; otherwise, an attack must be reported. We propose a generic compile-time loop hardening scheme based on the duplication of termination conditions and of the computations involved in the evaluation of such conditions. We also investigate how to preserve the security property along the compilation flow while enabling aggressive optimizations. We implemented this algorithm in LLVM 4.0 at the Intermediate Representation (IR) level in the backend. On average, the compiler automatically hardens 95% of the sensitive loops of typical security benchmarks, and 98% of these loops are shown to be robust to simulated faults. Performance and code size overhead remain quite affordable, at 12.5% and 14%, respectively.
URLhttp://doi.acm.org/10.1145/3141234
DOI10.1145/3141234
Citation Keyproy_compiler-assisted_2017