Side-channel vulnerabilities, particularly timing and access-pattern-based attacks, have become critical issues for confidential data processing in trusted environments. Oblivious programming is an effective approach to alleviate these attacks by making program execution not leak any secret through execution time and data access traces. To facilitate oblivious programming in practice, we propose a compilation-time checking tool, obliv-clang, which can comprehensively check the obliviousness of a program written in C++. It is designed to support the rich language features in C++, including the complicated concept of arbitrarily nested pointers, in order to seamlessly work with existing industry-level codebases and produce high-performance compiled binaries with minimum compilation overheads. We design a set of rules in obliv-clang and formally prove their soundness in the presence of complicated C++ language features. We also implement several non-trivial oblivious algorithms as case studies to demonstrate the expressiveness of obliv-clang, and show that programs compiled using obliv-clang can outperform previous solutions.
翻译:侧信道漏洞,尤其是基于时序和访问模式的攻击,已成为可信环境下机密数据处理的关键问题。Oblivious 编程通过使程序执行不通过执行时间和数据访问痕迹泄露任何秘密,是缓解此类攻击的有效方法。为促进 oblivious 编程在实际中的应用,我们提出编译时检查工具 obliv-clang,该工具能全面检查 C++ 程序的 oblivious 性能。它旨在支持 C++ 中丰富的语言特性,包括任意嵌套指针这一复杂概念,从而无缝对接现有工业级代码库,并以最小的编译开销生成高性能编译二进制文件。我们在 obliv-clang 中设计了一组规则,并基于复杂 C++ 语言特性正式证明了这些规则的可靠性。我们还实现了多个具有挑战性的 oblivious 算法作为案例研究,以展示 obliv-clang 的表达能力,并表明使用 obliv-clang 编译的程序性能优于现有解决方案。