Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs

Lesly-Ann Daniel

WHERE: INRIA, Fermat 102

WHEN: November 23, 2023, 11:00-11:30 AM

Paper to appear in IEEE Security & Privacy 2024: https://mici.hu/papers/winderix24ami.pdf

Abstract: The control flow of a program can often be observed through side-channel attacks. Hence, when control flow depends on secrets, attackers can learn information about these secrets. Widely used software-based countermeasures ensure that attacker-observable aspects of the control flow do not depend on secrets, relying on techniques like dummy execution (for balancing code) or conditional execution (for linearizing code). In the current state-of-practice, the primitives to implement these techniques have to be found in an existing instruction set architecture (ISA) that was not designed a priori to provide them, leading to performance, security, and portability issues. To counter these issues, this paper proposes lightweight hardware extensions for supporting these techniques in a principled way. We propose (1) a novel hardware mechanism (mimic execution), that executes an instruction stream only for its attacker-observable effects, and suppresses (most) architectural effects, and (2) ISA support (called AMi, for Architectural Mimicry) and programming models to effectively use mimic execution to balance or linearize code. We show the feasibility and benefits of our proposal by implementing mimic execution and AMi for a 32-bit out-of-order RISC-V core that leaks control flow in multiple ways (via e.g., the branch predictor, instruction timings, and the data cache). Our experimental evaluation shows that the hardware cost is low (most importantly, no impact on the processor's critical path), and that AMi enables significant performance improvements. In particular, AMi reduces the overhead of state-of-the-art linearized code by 60% in our benchmarks.
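To make the "linearizing code" countermeasure from the abstract concrete, the following is an added example (written for this page, not code from the paper or its authors): a secret-dependent branch next to the straight-line, data-oblivious form of the same computation, built from a mask derived from the secret. The function names, the sample table and the chosen values are constructed for illustration; only the technique (conditional execution via masks instead of branches) is what the abstract describes as current software practice.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Leaky: whether the branch is taken depends on the secret `s`, so the
 * branch predictor, instruction timing or instruction-cache footprint can
 * reveal `s`. This is the control-flow leakage the abstract refers to. */
uint32_t leaky_select(uint32_t s, uint32_t a, uint32_t b) {
    if (s) {
        return a;
    }
    return b;
}

/* Turn a 0/1 secret into an all-zeros/all-ones mask without branching. */
static uint32_t mask_from_bit(uint32_t bit) {
    return (uint32_t)0 - (bit & 1u);   /* 0 -> 0x00000000, 1 -> 0xFFFFFFFF */
}

/* Linearized form of leaky_select: one instruction stream regardless of `s`. */
uint32_t ct_select(uint32_t s, uint32_t a, uint32_t b) {
    uint32_t m = mask_from_bit(s);
    return (a & m) | (b & ~m);
}

/* Constant-time equality: 1 if x == y, else 0, with no branch.
 * For d != 0, (d | -d) always has its top bit set; for d == 0 it is 0. */
uint32_t ct_eq(uint32_t x, uint32_t y) {
    uint32_t d = x ^ y;
    return 1u ^ ((d | ((uint32_t)0 - d)) >> 31);
}

/* Linearized table lookup with a secret index: every entry is visited and
 * the matching one is kept via ct_select, so the address trace (and thus the
 * data-cache footprint) does not depend on `secret_idx`. */
uint32_t ct_lookup(const uint32_t *table, size_t n, uint32_t secret_idx) {
    uint32_t result = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t hit = ct_eq((uint32_t)i, secret_idx);
        result = ct_select(hit, table[i], result);
    }
    return result;
}

/* Linearized conditional swap: `if (s) swap(*a, *b)` without a branch. */
void ct_cswap(uint32_t s, uint32_t *a, uint32_t *b) {
    uint32_t m = mask_from_bit(s);
    uint32_t t = (*a ^ *b) & m;   /* zero when s == 0, so nothing changes */
    *a ^= t;
    *b ^= t;
}

/* Constructed sample data for the demonstration (hypothetical values). */
static const uint32_t kSampleTable[4] = {10u, 20u, 30u, 40u};

uint32_t demo_lookup(uint32_t secret_idx) {
    return ct_lookup(kSampleTable, 4, secret_idx);
}

/* Returns the first element after a conditional swap of (1, 2): 2 if s, else 1. */
uint32_t demo_cswap_first(uint32_t s) {
    uint32_t a = 1u, b = 2u;
    ct_cswap(s, &a, &b);
    return a;
}

int main(void) {
    printf("leaky_select(1,7,9) = %u, ct_select(1,7,9) = %u\n",
           leaky_select(1u, 7u, 9u), ct_select(1u, 7u, 9u));
    printf("ct_lookup(idx=2) = %u\n", demo_lookup(2u));
    printf("cswap(s=1) first = %u, cswap(s=0) first = %u\n",
           demo_cswap_first(1u), demo_cswap_first(0u));
    return 0;
}
```

The linearized functions above have the cost the abstract is about: every element of the table is touched on every lookup, and every selection costs several ALU operations instead of one branch. They also illustrate the portability problem the abstract mentions, since nothing in the C language prevents a compiler from turning `ct_select` back into a branch; in practice the generated assembly has to be inspected, which is one reason the paper argues for ISA-level support.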
