🤖 AI Summary
This work addresses the side-channel risks in C++ programs executing within trusted execution environments, where sensitive information may be leaked through timing and memory access patterns. To mitigate this, the authors present obliv-clang, the first compile-time static verification tool capable of enforcing obliviousness for industrial-scale C++ code, including complex features such as arbitrarily nested pointers. The approach formalizes C++ semantics and introduces a comprehensive set of provably correct obliviousness-checking rules, integrated into the Clang compiler to enable efficient static analysis. Experimental evaluation demonstrates that obliv-clang correctly verifies several non-trivial oblivious algorithms, produces binaries with superior performance compared to existing solutions, and incurs minimal compilation overhead.
📝 Abstract
Side-channel vulnerabilities, particularly timing and access-pattern-based attacks, have become critical issues for confidential data processing in trusted environments. Oblivious programming is an effective approach to alleviate these attacks by making program execution not leak any secret through execution time and data access traces. To facilitate oblivious programming in practice, we propose a compilation-time checking tool, obliv-clang, which can comprehensively check the obliviousness of a program written in C++. It is designed to support the rich language features in C++, including the complicated concept of arbitrarily nested pointers, in order to seamlessly work with existing industry-level codebases and produce high-performance compiled binaries with minimum compilation overheads. We design a set of rules in obliv-clang and formally prove their soundness in the presence of complicated C++ language features. We also implement several non-trivial oblivious algorithms as case studies to demonstrate the expressiveness of obliv-clang, and show that programs compiled using obliv-clang can outperform previous solutions.