what you get is what you c controlling side effects in
play

What you get is what you C: Controlling side effects in mainstream - PowerPoint PPT Presentation

Sep 02, 2022 •280 likes •868 views

What you get is what you C: Controlling side effects in mainstream C compilers Laurent Simon, David Chisnall, Ross Anderson Laurent Simon l.simon@samsung.com https://sites.google.com/view/laurent-simon/ Approved for public release;

  1. What you get is what you C: Controlling side effects in mainstream C compilers Laurent Simon, David Chisnall, Ross Anderson Laurent Simon l.simon@samsung.com https://sites.google.com/view/laurent-simon/ Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contract FA8750-10-C-0237 (“CTSRD”) as part of the DARPA CRASH research program. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government.

  2. Talk outline ● Compiler Optimizations and Side Effects ● Example: constant-time choose ● Proposed Solution and Evaluation ● Conclusion 24 April 18 Laurent SIMON - EuroS&P'18 - London 2

  3. 24 April 18 Laurent SIMON - EuroS&P'18 - London 3

  4. 24 April 18 Laurent SIMON - EuroS&P'18 - London 4

  5. 24 April 18 Laurent SIMON - EuroS&P'18 - London 5

  6. 24 April 18 Laurent SIMON - EuroS&P'18 - London 6

  7. 24 April 18 Laurent SIMON - EuroS&P'18 - London 7

  8. Question 1 Why are C compilers allowed to remove the calls? 24 April 18 Laurent SIMON - EuroS&P'18 - London 8

  9. C89/90/99/11 “An actual implementation need not evaluate part of an expression if it can deduce that its value is not used and that no needed side effects are produced" 24 April 18 Laurent SIMON - EuroS&P'18 - London 9

  10. 24 April 18 Laurent SIMON - EuroS&P'18 - London 10

  11. 24 April 18 Laurent SIMON - EuroS&P'18 - London 11

  12. 24 April 18 Laurent SIMON - EuroS&P'18 - London 12

  13. 24 April 18 Laurent SIMON - EuroS&P'18 - London 13

  14. 24 April 18 Laurent SIMON - EuroS&P'18 - London 14

  15. Takeaway message (1) I. C standard is not suited to express security guarantees relying on controlling side effects of code 24 April 18 Laurent SIMON - EuroS&P'18 - London 15

  16. Side Effects in Cryptography ● Side channels: ● Examples: timing, power, energy, EM ● Hardening techniques: ● Bit scattering ● Fault injection (e.g., rowhammer) ● See paper for more 24 April 18 Laurent SIMON - EuroS&P'18 - London 16

  17. Question 2 How do programmers attempt to control side effects today; and are they successful? 24 April 18 Laurent SIMON - EuroS&P'18 - London 17

  18. Talk outline ● Compiler Optimizations and Side Effects ● Example: constant-time choose ● Proposed Solution and Evaluation ● Conclusion 24 April 18 Laurent SIMON - EuroS&P'18 - London 18

  19. Goal: for all inputs, execution time is the same Goal => resistant to timing side channels 24 April 18 Laurent SIMON - EuroS&P'18 - London 19

  20. Constant-time requirements 1. No branching on sensitive data 24 April 18 Laurent SIMON - EuroS&P'18 - London 20

  21. 24 April 18 Laurent SIMON - EuroS&P'18 - London 21

  22. 24 April 18 Laurent SIMON - EuroS&P'18 - London 22

  23. 24 April 18 Laurent SIMON - EuroS&P'18 - London 23

  24. 24 April 18 Laurent SIMON - EuroS&P'18 - London 24

  25. 24 April 18 Laurent SIMON - EuroS&P'18 - London 25

  26. Constant-time requirements 1. No branching on sensitive data 2. Same data access pattern for all inputs 24 April 18 Laurent SIMON - EuroS&P'18 - London 26

  27. 24 April 18 Laurent SIMON - EuroS&P'18 - London 27

  28. 24 April 18 Laurent SIMON - EuroS&P'18 - London 28

  29. 24 April 18 Laurent SIMON - EuroS&P'18 - London 29

  30. 24 April 18 Laurent SIMON - EuroS&P'18 - London 30

  31. 24 April 18 Laurent SIMON - EuroS&P'18 - London 31

  32. 24 April 18 Laurent SIMON - EuroS&P'18 - London 32

  33. 24 April 18 Laurent SIMON - EuroS&P'18 - London 33

  34. 24 April 18 Laurent SIMON - EuroS&P'18 - London 34

  35. 24 April 18 Laurent SIMON - EuroS&P'18 - London 35

  36. 24 April 18 Laurent SIMON - EuroS&P'18 - London 36

  37. condition = false, return FalseVal 24 April 18 Laurent SIMON - EuroS&P'18 - London 37

  38. $clang-3.0 -O[0,1,2,3] ✓ 24 April 18 Laurent SIMON - EuroS&P'18 - London 38

  39. $clang-3.0 -O[1,2,3]  24 April 18 Laurent SIMON - EuroS&P'18 - London 39

  40. 24 April 18 Laurent SIMON - EuroS&P'18 - London 40

  41. $clang-3.0 -O[0,1,2,3] ✓ 24 April 18 Laurent SIMON - EuroS&P'18 - London 41

  42.  $clang-3.3 -O[2,3] 24 April 18 Laurent SIMON - EuroS&P'18 - London 42

  43. Observation: newer versions of compilers may be less reliable than older versions for controlling side effects 24 April 18 Laurent SIMON - EuroS&P'18 - London 43

  44. Takeaway message (2) I. C abstract standard is not suited to express security guarantees relying on controlling side effects of code II. Developers are left fighting the compiler through obfuscation to control side effects. This must stop: we must make C compilers our allies, not our enemies. 24 April 18 Laurent SIMON - EuroS&P'18 - London 44

  45. Talk outline ● Compiler Optimizations and Side Effects ● Example: constant-time choose ● Proposed Solution and Evaluation ● Conclusion 24 April 18 Laurent SIMON - EuroS&P'18 - London 45

  46. Proposed Solution ● Adding support into the compilers 24 April 18 Laurent SIMON - EuroS&P'18 - London 46

  47. Proposed Solution ● Adding support into the compilers ● Expose support to developers explicitly - Examples: pragma, annotations, flags, attributes, new functions, etc 24 April 18 Laurent SIMON - EuroS&P'18 - London 47

  48. Proposed Solution ● Adding support into the compilers ● Expose support to developers explicitly - Examples: pragma, annotations, flags, attributes, new functions, etc - Better communication has improved performance (e.g., SIMD attributes, restrict keyword), so will it help control side effects 24 April 18 Laurent SIMON - EuroS&P'18 - London 48

  49. Proposed Solution ● Adding support into the compilers ● Expose support to developers explicitly - Examples: pragma, annotations, flags, attributes, new functions, etc - Better communication has improved performance (e.g., SIMD attributes, restrict keyword), so will it help control side effects ● EuroLLVM 2018: general support for extensions that better express programmer intent 24 April 18 Laurent SIMON - EuroS&P'18 - London 49

  50. Implementation ● Two steps towards our goal: – Secret erasure for stack and registers: see paper – Constant-time choose() ● Clang/LLVM framework 24 April 18 Laurent SIMON - EuroS&P'18 - London 50

  51. 24 April 18 Laurent SIMON - EuroS&P'18 - London 51

  52. Constant-time choose() Type __builtin_ct_choose( bool cond, Type TrueVal, Type FalseVal); 24 April 18 Laurent SIMON - EuroS&P'18 - London 52

  53. Constant-time choose() Type __builtin_ct_choose( bool cond, Type TrueVal, Type FalseVal); OpenSSL defines 37 functions 24 April 18 Laurent SIMON - EuroS&P'18 - London 53

  54. Runtime overhead 1 Runtime overhead (# CPU cycles) 0.75 OpenSSL choose __builtin_ct_choose 0.5 0.25 0 X25519 Montgomery ladder 24 April 18 Laurent SIMON - EuroS&P'18 - London 54

  55. Takeaway message (3) I. C abstract standard is not suited to express security guarantees relying on controlling side effects of code II. Developers are left fighting the compiler through obfuscation to control side effects. This must stop: we must make C compilers our allies, not our enemies. III. Explicit compiler support will empower developers 24 April 18 Laurent SIMON - EuroS&P'18 - London 55

  56. Conclusion ● C standard not appropriate to control side effects ● Arms race between compiler writers and developers/cryptographers must stop ● Compiler support and expose it to developers ● Ton of work, with real impact ● Long journey: compiler, developers, OS, hardware (e.g., power side effects) 24 April 18 Laurent SIMON - EuroS&P'18 - London 56

  57. Thanks! Questions? Reference implementations: https://github.com/lmrs2/ct_choose https://github.com/lmrs2/zerostack Laurent Simon l.simon@samsung.com https://sites.google.com/view/laurent-simon/ 24 April 18 Laurent SIMON - EuroS&P'18 - London 57

Recommend

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are

Reporting medicines side effects The Yellow Card Scheme Worried about side effects? If you are worried about a symptom you think may be a side effect: 1. Check the leaflet supplied with the medicine. It lists known side effects and advises you

592 views • 11 slides
THE INCIDENCE AND COSTS OF THE INCIDENCE AND COSTS OF CHEMOTHERAPY SIDE EFFECTS CHEMOTHERAPY

THE INCIDENCE AND COSTS OF THE INCIDENCE AND COSTS OF CHEMOTHERAPY SIDE EFFECTS CHEMOTHERAPY

THE INCIDENCE AND COSTS OF THE INCIDENCE AND COSTS OF CHEMOTHERAPY SIDE EFFECTS CHEMOTHERAPY SIDE EFFECTS Alison Pearce - PhD candidate Centre for Health Economics Research and Evaluation, UTS Supervisors: Marion Haas, Rosalie Viney CAER 2013

414 views • 37 slides
MY MEDICATION MADE ME DO IT: SIDE EFFECTS ASSOCIATED WITH ANTIPSYCHOTICS Learning Objectives

MY MEDICATION MADE ME DO IT: SIDE EFFECTS ASSOCIATED WITH ANTIPSYCHOTICS Learning Objectives

MY MEDICATION MADE ME DO IT: SIDE EFFECTS ASSOCIATED WITH ANTIPSYCHOTICS Learning Objectives Explore the neurobiological bases of various side effects (including cardiometabolic and movement disorders) associated with use of antipsychotics

592 views • 26 slides
Expressions Imperative prg : Statements have just vs side-effects, no value: (for, if, break)

Expressions Imperative prg : Statements have just vs side-effects, no value: (for, if, break)

Every expression results in a value (+side-effects?): 1+2, str.length(), f(x)+1 Expressions Imperative prg : Statements have just vs side-effects, no value: (for, if, break) statements Assignment is statement/expression depending

363 views • 18 slides
Known Side Effects of Biomedical Engineering R I C H A R D L A W R E N C E U N I V E R S I T Y

Known Side Effects of Biomedical Engineering R I C H A R D L A W R E N C E U N I V E R S I T Y

Known Side Effects of Biomedical Engineering R I C H A R D L A W R E N C E U N I V E R S I T Y O F Q U E E N S L A N D & M A T E R H E A L T H S E R V I C E S School and Early Life Always liked to play with (read break)

483 views • 17 slides
medication errors? Editor Meylers Side Effects of Drugs West Midlands Centre for Jeffrey

medication errors? Editor Meylers Side Effects of Drugs West Midlands Centre for Jeffrey

Do we have a commo mmon understanding of me medication errors? Editor Meylers Side Effects of Drugs West Midlands Centre for Jeffrey Aronson ADRs Co-editor: Stephens Detection and Side Effects of Evaluation of Adverse Drugs Annuals

492 views • 32 slides
The Yellow Card Scheme: Reporting Medicine Side Effects If you are worried about a symptom you

The Yellow Card Scheme: Reporting Medicine Side Effects If you are worried about a symptom you

The Yellow Card Scheme: Reporting Medicine Side Effects If you are worried about a symptom you think may be a side effect. 1. Check the leaflet supplied with the medicine 2. Talk to your doctor or pharmacist 3. You can also get

138 views • 10 slides
Monads Lecture 12 Prof. Aiken CS 264 Lecture 12 1 Monads A language without side

Monads Lecture 12 Prof. Aiken CS 264 Lecture 12 1 Monads A language without side

Monads Lecture 12 Prof. Aiken CS 264 Lecture 12 1 Monads A language without side effects cant do I/O Side effects are critical in some applications For expressiveness and/or efficiency Haskell has a general mechanism

681 views • 31 slides
Health versus Wealth: On the Distributional Effects of Controlling a Pandemic Andrew Glover

Health versus Wealth: On the Distributional Effects of Controlling a Pandemic Andrew Glover

Health versus Wealth: On the Distributional Effects of Controlling a Pandemic Andrew Glover Jonathan Heathcote Dirk Krueger Jose-Victor Rios- Rull Bank of England April 16 2020 Federal Reserve Bank of Kansas City Federal Reserve Bank of

490 views • 37 slides
New Patient Chemotherapy Class What you need to know Class video available online: A class for

New Patient Chemotherapy Class What you need to know Class video available online: A class for

Today well talk about How chemotherapy works How to prevent and manage side effects What to do if you get side effects What to expect when you come in for treatment New Patient Chemotherapy Class What you need to know Class

524 views • 8 slides
Side Effects - New Methods for predicting Multiple CYP Metabolic Sites and Off-target

Side Effects - New Methods for predicting Multiple CYP Metabolic Sites and Off-target

Predictive Cheminformatics Strategies for Anticipating Good and Bad Side Effects - New Methods for predicting Multiple CYP Metabolic Sites and Off-target Polypharmacology Curt M. Breneman*, Kristin P. Bennett, Jed Zaretzki, Mark Embrechts,

773 views • 59 slides
Patients understanding of the potential side effects, effectiveness and required safety

Patients understanding of the potential side effects, effectiveness and required safety

Patients understanding of the potential side effects, effectiveness and required safety monitoring of their current disease modifying therapy Julie Taylor, Chisha Weerasinghe, Tom Button York Teaching Hospitals NHS Trust Method Scripted

277 views • 12 slides
Disclosures Updates on Oncologic I have nothing to disclose Emergencies, Including Side Effects

Disclosures Updates on Oncologic I have nothing to disclose Emergencies, Including Side Effects

6/20/2019 Disclosures Updates on Oncologic I have nothing to disclose Emergencies, Including Side Effects of New Therapies Gerald Hsu, MD, PhD Assoc. Clinical Professor of Medicine University of California, San Francisco Hypercalcemia | Old

382 views • 10 slides
M&S in Preclinical Development Predicting thyroid hormones side effects in human from

M&S in Preclinical Development Predicting thyroid hormones side effects in human from

M&S in Preclinical Development Predicting thyroid hormones side effects in human from preclinical toxicity studies EMA/EFPIA M&S Workshop BOS1, 1 December 2011 Sandra Visser Global Network Leader Non-Clinical Modeling & Simulation

596 views • 14 slides
Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of

Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of

Detecting Side-effects via Electronic Medical Records with a case study in the Correlation of Parkinsons Disease with the use of Lipophilic Beta-Blockers He Zhang Assistant Professor Dept. of Information Systems & Decision Sciences,

348 views • 14 slides
Side wall effects in Rayleigh B enard experiments P.-E. Roche 1 , 3 , a , B. Castaing 1 , 2 , B.

Side wall effects in Rayleigh B enard experiments P.-E. Roche 1 , 3 , a , B. Castaing 1 , 2 , B.

Eur. Phys. J. B 24 , 405408 (2001) T HE E UROPEAN DOI: P HYSICAL J OURNAL B EDP Sciences c Societ` a Italiana di Fisica Springer-Verlag 2001 Side wall effects in Rayleigh B enard experiments P.-E. Roche 1 , 3 , a , B. Castaing 1 ,

535 views • 4 slides
CONTRACEPTION MANAGEMENT Mary Stark, DNP, FNP OBJECTIVES Describe common side effects,

CONTRACEPTION MANAGEMENT Mary Stark, DNP, FNP OBJECTIVES Describe common side effects,

CONTRACEPTION MANAGEMENT Mary Stark, DNP, FNP OBJECTIVES Describe common side effects, contraindications, and special conditions of birth control methods Identify expert resources, including patient handouts, on contraception found on

1.12k views • 65 slides
That Old Goan STORY No OPPORTUNITY for Locals The side effects of Progress and

That Old Goan STORY No OPPORTUNITY for Locals The side effects of Progress and

That Old Goan STORY No OPPORTUNITY for Locals The side effects of Progress and Urbanisation Paradise Re-Found Paradise Re-Found 1. Time felt different here, less pressured, more relaxing, less stressful, more conducive to Wellbeing,

194 views • 18 slides
Highly Preliminary Please do not quote Catching up: the role of demand and supply side effects on

Highly Preliminary Please do not quote Catching up: the role of demand and supply side effects on

Highly Preliminary Please do not quote Catching up: the role of demand and supply side effects on the real exchange rates of accession countries. Ronald MacDonald a Cezary Wjcik b Abstract The main aim of the paper is to examine the exchange

451 views • 29 slides
R&D: Getting Hackers Laid* *Other side effects may include better quality software Paul J.

R&D: Getting Hackers Laid* *Other side effects may include better quality software Paul J.

Introduction Growing User Base Growing Developer Base Cross Platform Getting Formal? R&D: Getting Hackers Laid* *Other side effects may include better quality software Paul J. Adams, Research Zealot, Sirius Corporation PLC August 10,

705 views • 22 slides
BISPHOSPHONATES: Benefits, Risks, and Patient Protections Suzanne Robotti SIDE EFFECTS Legal

BISPHOSPHONATES: Benefits, Risks, and Patient Protections Suzanne Robotti SIDE EFFECTS Legal

BISPHOSPHONATES: Benefits, Risks, and Patient Protections Suzanne Robotti SIDE EFFECTS Legal Fear Protection 25% of all new drugs have black box or significant warnings within 5 years. How to Update a Drug Label: Changes Being

306 views • 19 slides
Markowitz Portfolio Theory What If Side Effects . . . Helps Decrease Medicines Applications

Markowitz Portfolio Theory What If Side Effects . . . Helps Decrease Medicines Applications

The Main Idea Behind . . . Example A Similar Idea Works . . . How Markowitz . . . Markowitz Portfolio Theory What If Side Effects . . . Helps Decrease Medicines Applications to . . . This Idea Also Works! Side Effect and Speed Up

446 views • 32 slides
Tutorial 3 Loops Side Effects 1 CS 136 Spring 2020 Tutorial 3 Loops: for loops &

Tutorial 3 Loops Side Effects 1 CS 136 Spring 2020 Tutorial 3 Loops: for loops &

Tutorial 3 Loops Side Effects 1 CS 136 Spring 2020 Tutorial 3 Loops: for loops & while loops Using a loop to solve a problem is called iteration . while is similar to if statements but while repeatedly loops back and

457 views • 8 slides
IC220 Set #7: Controlling the Single Cycle Implementation (Chapter Four) 1 Control Selecting

IC220 Set #7: Controlling the Single Cycle Implementation (Chapter Four) 1 Control Selecting

IC220 Set #7: Controlling the Single Cycle Implementation (Chapter Four) 1 Control Selecting the and controlling the based on the Outline: 1. Overview 2. Controlling the ALU 3. Controlling multiplexors and register writes 2

482 views • 15 slides

More recommend