what you get is what you c controlling side effects in
play

What you get is what you C: Controlling side effects in mainstream - PowerPoint PPT Presentation

Sep 02, 2022 •280 likes •868 views

What you get is what you C: Controlling side effects in mainstream C compilers Laurent Simon, David Chisnall, Ross Anderson Laurent Simon l.simon@samsung.com https://sites.google.com/view/laurent-simon/ Approved for public release;

  1. What you get is what you C: Controlling side effects in mainstream C compilers Laurent Simon, David Chisnall, Ross Anderson Laurent Simon l.simon@samsung.com https://sites.google.com/view/laurent-simon/ Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contract FA8750-10-C-0237 (“CTSRD”) as part of the DARPA CRASH research program. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government.

  2. Talk outline ● Compiler Optimizations and Side Effects ● Example: constant-time choose ● Proposed Solution and Evaluation ● Conclusion 24 April 18 Laurent SIMON - EuroS&P'18 - London 2

  3. 24 April 18 Laurent SIMON - EuroS&P'18 - London 3

  4. 24 April 18 Laurent SIMON - EuroS&P'18 - London 4

  5. 24 April 18 Laurent SIMON - EuroS&P'18 - London 5

  6. 24 April 18 Laurent SIMON - EuroS&P'18 - London 6

  7. 24 April 18 Laurent SIMON - EuroS&P'18 - London 7

  8. Question 1 Why are C compilers allowed to remove the calls? 24 April 18 Laurent SIMON - EuroS&P'18 - London 8

  9. C89/90/99/11 “An actual implementation need not evaluate part of an expression if it can deduce that its value is not used and that no needed side effects are produced" 24 April 18 Laurent SIMON - EuroS&P'18 - London 9

  10. 24 April 18 Laurent SIMON - EuroS&P'18 - London 10

  11. 24 April 18 Laurent SIMON - EuroS&P'18 - London 11

  12. 24 April 18 Laurent SIMON - EuroS&P'18 - London 12

  13. 24 April 18 Laurent SIMON - EuroS&P'18 - London 13

  14. 24 April 18 Laurent SIMON - EuroS&P'18 - London 14

  15. Takeaway message (1) I. C standard is not suited to express security guarantees relying on controlling side effects of code 24 April 18 Laurent SIMON - EuroS&P'18 - London 15

  16. Side Effects in Cryptography ● Side channels: ● Examples: timing, power, energy, EM ● Hardening techniques: ● Bit scattering ● Fault injection (e.g., rowhammer) ● See paper for more 24 April 18 Laurent SIMON - EuroS&P'18 - London 16

  17. Question 2 How do programmers attempt to control side effects today; and are they successful? 24 April 18 Laurent SIMON - EuroS&P'18 - London 17

  18. Talk outline ● Compiler Optimizations and Side Effects ● Example: constant-time choose ● Proposed Solution and Evaluation ● Conclusion 24 April 18 Laurent SIMON - EuroS&P'18 - London 18

  19. Goal: for all inputs, execution time is the same Goal => resistant to timing side channels 24 April 18 Laurent SIMON - EuroS&P'18 - London 19

  20. Constant-time requirements 1. No branching on sensitive data 24 April 18 Laurent SIMON - EuroS&P'18 - London 20

  21. 24 April 18 Laurent SIMON - EuroS&P'18 - London 21

  22. 24 April 18 Laurent SIMON - EuroS&P'18 - London 22

  23. 24 April 18 Laurent SIMON - EuroS&P'18 - London 23

  24. 24 April 18 Laurent SIMON - EuroS&P'18 - London 24

  25. 24 April 18 Laurent SIMON - EuroS&P'18 - London 25

  26. Constant-time requirements 1. No branching on sensitive data 2. Same data access pattern for all inputs 24 April 18 Laurent SIMON - EuroS&P'18 - London 26

  27. 24 April 18 Laurent SIMON - EuroS&P'18 - London 27

  28. 24 April 18 Laurent SIMON - EuroS&P'18 - London 28

  29. 24 April 18 Laurent SIMON - EuroS&P'18 - London 29

  30. 24 April 18 Laurent SIMON - EuroS&P'18 - London 30

  31. 24 April 18 Laurent SIMON - EuroS&P'18 - London 31

  32. 24 April 18 Laurent SIMON - EuroS&P'18 - London 32

  33. 24 April 18 Laurent SIMON - EuroS&P'18 - London 33

  34. 24 April 18 Laurent SIMON - EuroS&P'18 - London 34

  35. 24 April 18 Laurent SIMON - EuroS&P'18 - London 35

  36. 24 April 18 Laurent SIMON - EuroS&P'18 - London 36

  37. condition = false, return FalseVal 24 April 18 Laurent SIMON - EuroS&P'18 - London 37

  38. $clang-3.0 -O[0,1,2,3] ✓ 24 April 18 Laurent SIMON - EuroS&P'18 - London 38

  39. $clang-3.0 -O[1,2,3]  24 April 18 Laurent SIMON - EuroS&P'18 - London 39

  40. 24 April 18 Laurent SIMON - EuroS&P'18 - London 40

  41. $clang-3.0 -O[0,1,2,3] ✓ 24 April 18 Laurent SIMON - EuroS&P'18 - London 41

  42.  $clang-3.3 -O[2,3] 24 April 18 Laurent SIMON - EuroS&P'18 - London 42

  43. Observation: newer versions of compilers may be less reliable than older versions for controlling side effects 24 April 18 Laurent SIMON - EuroS&P'18 - London 43

  44. Takeaway message (2) I. C abstract standard is not suited to express security guarantees relying on controlling side effects of code II. Developers are left fighting the compiler through obfuscation to control side effects. This must stop: we must make C compilers our allies, not our enemies. 24 April 18 Laurent SIMON - EuroS&P'18 - London 44

  45. Talk outline ● Compiler Optimizations and Side Effects ● Example: constant-time choose ● Proposed Solution and Evaluation ● Conclusion 24 April 18 Laurent SIMON - EuroS&P'18 - London 45

  46. Proposed Solution ● Adding support into the compilers 24 April 18 Laurent SIMON - EuroS&P'18 - London 46

  47. Proposed Solution ● Adding support into the compilers ● Expose support to developers explicitly - Examples: pragma, annotations, flags, attributes, new functions, etc 24 April 18 Laurent SIMON - EuroS&P'18 - London 47

  48. Proposed Solution ● Adding support into the compilers ● Expose support to developers explicitly - Examples: pragma, annotations, flags, attributes, new functions, etc - Better communication has improved performance (e.g., SIMD attributes, restrict keyword), so will it help control side effects 24 April 18 Laurent SIMON - EuroS&P'18 - London 48

  49. Proposed Solution ● Adding support into the compilers ● Expose support to developers explicitly - Examples: pragma, annotations, flags, attributes, new functions, etc - Better communication has improved performance (e.g., SIMD attributes, restrict keyword), so will it help control side effects ● EuroLLVM 2018: general support for extensions that better express programmer intent 24 April 18 Laurent SIMON - EuroS&P'18 - London 49

  50. Implementation ● Two steps towards our goal: – Secret erasure for stack and registers: see paper – Constant-time choose() ● Clang/LLVM framework 24 April 18 Laurent SIMON - EuroS&P'18 - London 50

  51. 24 April 18 Laurent SIMON - EuroS&P'18 - London 51

  52. Constant-time choose() Type __builtin_ct_choose( bool cond, Type TrueVal, Type FalseVal); 24 April 18 Laurent SIMON - EuroS&P'18 - London 52

  53. Constant-time choose() Type __builtin_ct_choose( bool cond, Type TrueVal, Type FalseVal); OpenSSL defines 37 functions 24 April 18 Laurent SIMON - EuroS&P'18 - London 53

  54. Runtime overhead 1 Runtime overhead (# CPU cycles) 0.75 OpenSSL choose __builtin_ct_choose 0.5 0.25 0 X25519 Montgomery ladder 24 April 18 Laurent SIMON - EuroS&P'18 - London 54

  55. Takeaway message (3) I. C abstract standard is not suited to express security guarantees relying on controlling side effects of code II. Developers are left fighting the compiler through obfuscation to control side effects. This must stop: we must make C compilers our allies, not our enemies. III. Explicit compiler support will empower developers 24 April 18 Laurent SIMON - EuroS&P'18 - London 55

  56. Conclusion ● C standard not appropriate to control side effects ● Arms race between compiler writers and developers/cryptographers must stop ● Compiler support and expose it to developers ● Ton of work, with real impact ● Long journey: compiler, developers, OS, hardware (e.g., power side effects) 24 April 18 Laurent SIMON - EuroS&P'18 - London 56

  57. Thanks! Questions? Reference implementations: https://github.com/lmrs2/ct_choose https://github.com/lmrs2/zerostack Laurent Simon l.simon@samsung.com https://sites.google.com/view/laurent-simon/ 24 April 18 Laurent SIMON - EuroS&P'18 - London 57

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are worried about a symptom you think may be a side effect: 1. Check the leaflet supplied with the medicine. It lists known side effects and advises you

592 views • 11 slides
THE INCIDENCE AND COSTS OF THE INCIDENCE AND COSTS OF CHEMOTHERAPY SIDE EFFECTS CHEMOTHERAPY

THE INCIDENCE AND COSTS OF THE INCIDENCE AND COSTS OF CHEMOTHERAPY SIDE EFFECTS CHEMOTHERAPY

THE INCIDENCE AND COSTS OF THE INCIDENCE AND COSTS OF CHEMOTHERAPY SIDE EFFECTS CHEMOTHERAPY SIDE EFFECTS Alison Pearce - PhD candidate Centre for Health Economics Research and Evaluation, UTS Supervisors: Marion Haas, Rosalie Viney CAER 2013

414 views • 37 slides
MY MEDICATION MADE ME DO IT: SIDE EFFECTS ASSOCIATED WITH ANTIPSYCHOTICS Learning Objectives

MY MEDICATION MADE ME DO IT: SIDE EFFECTS ASSOCIATED WITH ANTIPSYCHOTICS Learning Objectives

MY MEDICATION MADE ME DO IT: SIDE EFFECTS ASSOCIATED WITH ANTIPSYCHOTICS Learning Objectives Explore the neurobiological bases of various side effects (including cardiometabolic and movement disorders) associated with use of antipsychotics

592 views • 26 slides
Expressions Imperative prg : Statements have just vs side-effects, no value: (for, if, break)

Expressions Imperative prg : Statements have just vs side-effects, no value: (for, if, break)

Every expression results in a value (+side-effects?): 1+2, str.length(), f(x)+1 Expressions Imperative prg : Statements have just vs side-effects, no value: (for, if, break) statements Assignment is statement/expression depending

363 views • 18 slides
Known Side Effects of Biomedical Engineering R I C H A R D L A W R E N C E U N I V E R S I T Y

Known Side Effects of Biomedical Engineering R I C H A R D L A W R E N C E U N I V E R S I T Y

Known Side Effects of Biomedical Engineering R I C H A R D L A W R E N C E U N I V E R S I T Y O F Q U E E N S L A N D & M A T E R H E A L T H S E R V I C E S School and Early Life Always liked to play with (read break)

483 views • 17 slides
medication errors? Editor Meylers Side Effects of Drugs West Midlands Centre for Jeffrey

medication errors? Editor Meylers Side Effects of Drugs West Midlands Centre for Jeffrey

Do we have a commo mmon understanding of me medication errors? Editor Meylers Side Effects of Drugs West Midlands Centre for Jeffrey Aronson ADRs Co-editor: Stephens Detection and Side Effects of Evaluation of Adverse Drugs Annuals

492 views • 32 slides
The Yellow Card Scheme: Reporting Medicine Side Effects If you are worried about a symptom you

The Yellow Card Scheme: Reporting Medicine Side Effects If you are worried about a symptom you

The Yellow Card Scheme: Reporting Medicine Side Effects If you are worried about a symptom you think may be a side effect. 1. Check the leaflet supplied with the medicine 2. Talk to your doctor or pharmacist 3. You can also get

138 views • 10 slides
Monads Lecture 12 Prof. Aiken CS 264 Lecture 12 1 Monads A language without side

Monads Lecture 12 Prof. Aiken CS 264 Lecture 12 1 Monads A language without side

Monads Lecture 12 Prof. Aiken CS 264 Lecture 12 1 Monads A language without side effects cant do I/O Side effects are critical in some applications For expressiveness and/or efficiency Haskell has a general mechanism

681 views • 31 slides
Health versus Wealth: On the Distributional Effects of Controlling a Pandemic Andrew Glover

Health versus Wealth: On the Distributional Effects of Controlling a Pandemic Andrew Glover

Health versus Wealth: On the Distributional Effects of Controlling a Pandemic Andrew Glover Jonathan Heathcote Dirk Krueger Jose-Victor Rios- Rull Bank of England April 16 2020 Federal Reserve Bank of Kansas City Federal Reserve Bank of

490 views • 37 slides
New Patient Chemotherapy Class What you need to know Class video available online: A class for

New Patient Chemotherapy Class What you need to know Class video available online: A class for

Today well talk about How chemotherapy works How to prevent and manage side effects What to do if you get side effects What to expect when you come in for treatment New Patient Chemotherapy Class What you need to know Class

524 views • 8 slides
Side Effects - New Methods for predicting Multiple CYP Metabolic Sites and Off-target

Side Effects - New Methods for predicting Multiple CYP Metabolic Sites and Off-target

Predictive Cheminformatics Strategies for Anticipating Good and Bad Side Effects - New Methods for predicting Multiple CYP Metabolic Sites and Off-target Polypharmacology Curt M. Breneman*, Kristin P. Bennett, Jed Zaretzki, Mark Embrechts,

773 views • 59 slides
Patients understanding of the potential side effects, effectiveness and required safety

Patients understanding of the potential side effects, effectiveness and required safety

Patients understanding of the potential side effects, effectiveness and required safety monitoring of their current disease modifying therapy Julie Taylor, Chisha Weerasinghe, Tom Button York Teaching Hospitals NHS Trust Method Scripted

277 views • 12 slides
Disclosures Updates on Oncologic I have nothing to disclose Emergencies, Including Side Effects

Disclosures Updates on Oncologic I have nothing to disclose Emergencies, Including Side Effects

6/20/2019 Disclosures Updates on Oncologic I have nothing to disclose Emergencies, Including Side Effects of New Therapies Gerald Hsu, MD, PhD Assoc. Clinical Professor of Medicine University of California, San Francisco Hypercalcemia | Old

382 views • 10 slides
M&S in Preclinical Development Predicting thyroid hormones side effects in human from

M&S in Preclinical Development Predicting thyroid hormones side effects in human from

M&S in Preclinical Development Predicting thyroid hormones side effects in human from preclinical toxicity studies EMA/EFPIA M&S Workshop BOS1, 1 December 2011 Sandra Visser Global Network Leader Non-Clinical Modeling & Simulation

596 views • 14 slides
Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of

Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of

Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of Parkinsons Disease with the use of Lipophilic Beta-Blockers He Zhang Assistant Professor Dept. of Information Systems & Decision Sciences,

348 views • 14 slides
Side wall effects in Rayleigh B enard experiments P.-E. Roche 1 , 3 , a , B. Castaing 1 , 2 , B.

Side wall effects in Rayleigh B enard experiments P.-E. Roche 1 , 3 , a , B. Castaing 1 , 2 , B.

Eur. Phys. J. B 24 , 405408 (2001) T HE E UROPEAN DOI: P HYSICAL J OURNAL B EDP Sciences c Societ` a Italiana di Fisica Springer-Verlag 2001 Side wall effects in Rayleigh B enard experiments P.-E. Roche 1 , 3 , a , B. Castaing 1 ,

535 views • 4 slides
FAMILY DOCTOR INDIA YESTERDAY TODAY TOMMORROW Prof . DR. S. ARULRHAJ M.D ,

FAMILY DOCTOR INDIA YESTERDAY TODAY TOMMORROW Prof . DR. S. ARULRHAJ M.D ,

FAMILY DOCTOR INDIA YESTERDAY TODAY TOMMORROW Prof . DR. S. ARULRHAJ M.D , F.R.C.P (Glasg) CHIEF PATRON IMACGP - INDIA HEALTH SCENARIO TODAY 128 crore population. 70% Villages. Health Care 30 - 40% 79% Safe

1.4k views • 53 slides
Sol-gel Synthesis and An1oxidant Proper1es of Y8rium Oxide

Sol-gel Synthesis and An1oxidant Proper1es of Y8rium Oxide

Universidad Autnoma Metropolitana, Unidad Cuajimalpa Sol-gel Synthesis and An1oxidant Proper1es of Y8rium Oxide Nanocrystallites Incorpora1ng P-123 Rebeca

172 views • 16 slides
Reopening Operations in a Pandemic Shut down On March 16 as the Governor closed places of public

Reopening Operations in a Pandemic Shut down On March 16 as the Governor closed places of public

Reopening Operations in a Pandemic Shut down On March 16 as the Governor closed places of public accommodation. We offered takeout food for the rest of the week while guests were still on property. We then furloughed all but a handful of staff

884 views • 38 slides
User Interfaces What is the User Interface? What works is better than what looks good. The

User Interfaces What is the User Interface? What works is better than what looks good. The

User Interfaces What is the User Interface? What works is better than what looks good. The looks good can change, but what works, works UI lies between the player and the internals of the game. It t ranslates players input into actions in

1.17k views • 8 slides
School Closure 2020 Activities for week 2 Ms. Lobdell, Mrs. Adams, Mrs. Stewart, and Mrs. Dinneen

School Closure 2020 Activities for week 2 Ms. Lobdell, Mrs. Adams, Mrs. Stewart, and Mrs. Dinneen

School Closure 2020 Activities for week 2 Ms. Lobdell, Mrs. Adams, Mrs. Stewart, and Mrs. Dinneen 20 minutes of reading IReady Reading and Math Google Classroom videos and Daily Work assignments Phonics Establishing a

238 views • 13 slides
Todays Moderator April Lawrence, Ed.D. Associate Director of eLearning Zoom Webinar Controls

Todays Moderator April Lawrence, Ed.D. Associate Director of eLearning Zoom Webinar Controls

Todays Moderator April Lawrence, Ed.D. Associate Director of eLearning Zoom Webinar Controls Enter your questions for Select Panelists and panelists in the Q&A pod. Attendees to say hi! Todays Presenters Ellen Frackelton,

992 views • 56 slides
South Campus Continuous Learning Teacher Information 6/15-6/19 Name: Bruce Callahan Mr.

South Campus Continuous Learning Teacher Information 6/15-6/19 Name: Bruce Callahan Mr.

South Campus Continuous Learning Teacher Information 6/15-6/19 Name: Bruce Callahan Mr. Callahan Email: bcallahan@sw.wednet.edu Announcements: If you would like to share your rock collection or any other project youve done for

318 views • 20 slides
City Rendering In Gangland Henrik Mnther and Mads Nyholm MediaMobsters 1 Overview

City Rendering In Gangland Henrik Mnther and Mads Nyholm MediaMobsters 1 Overview

City Rendering In Gangland Henrik Mnther and Mads Nyholm MediaMobsters 1 Overview Motivation Tile structure City construction Game logic Rendering Questions 2 Motivation (1) Game type: RTS controlled 2D

504 views • 11 slides

More recommend