Implementations of automated Masking

• Andrew Moss, Elisabeth Oswald, Dan Page, and Michael Tunstall. Compiler Assisted Masking. In Emmanuel Prouff and Patrick Schaumont, editors, CHES, volume 7428 of LNCS, pages 58–75. Springer, 2012

• G. Agosta, A. Barenghi, M. Maggi and G. Pelosi, "Compiler-based side channel vulnerability analysis and optimized countermeasures application" Design Automation Conference (DAC), 2013 50th ACM/EDAC/IEEE, Austin, TX, 2013, p. 1-6.

Obfuscation

• PhD thesis of Stéphanie Riaud (in French): http://dumas.ccsd.cnrs.fr/dumas-00636793/document

• Obfuscator-LLVM:

  • Bogus Control Flow (https://github.com/obfuscator-llvm/obfuscator/wiki/Bogus-Control-Flow) Average overhead performance ➡ 28 %

  • Control Flow Flattening (https://github.com/obfuscator-llvm/obfuscator/wiki/Control-Flow-Flattening) Average overhead performance ➡ 860 %

  • Instruction Substitution (https://github.com/obfuscator-llvm/obfuscator/wiki/Instructions-Substitution) Average overhead performance ➡ 13.5 %

  • A commercial version of this project with more features is available at https://strong.codes/

Model of attacker

In the case of cyber attacks

• Attacker can run programs on the same machine

  • attack on the branch predictor.
    (in French, has links) https://interstices.info/jcms/c_25753/une-faille-de-securite-dans-les-processeurs

  • attack on the Dcache (need ref)
• Attacker interacts with remote machine
  • buffer overflow, canari, ASLR, CFI
  • Canaries with Clang: -fstack-protector, -fstack-protector-strong, -fstack-protector-all
  • ASLR with Clang: -fpie -pie

  • Safe stack with Clang: -fsanitize=safe-stack. More information : http://dslab.epfl.ch/proj/cpi/ (research prototype)

  • CFI with Clang: -fsanitize=cfi. More information : http://clang.llvm.org/docs/ControlFlowIntegrity.html

  • Global Offset Table (GOT) Protection with Clang: -Wl,-z,now -Wl,-z,relro