Search papers, labs, and topics across Lattice.
This paper introduces obliv-clang, a compilation-time checking tool that ensures the obliviousness of C++ programs to mitigate side-channel vulnerabilities like timing and access-pattern attacks. By supporting complex C++ features, including nested pointers, obliv-clang integrates seamlessly with existing codebases while maintaining high performance and minimal compilation overhead. The authors validate their approach through formal proofs and case studies, demonstrating that programs compiled with obliv-clang outperform previous solutions in terms of efficiency and security.
Obliv-clang enables high-performance C++ programming without leaking sensitive data through execution patterns, outperforming traditional solutions.
Side-channel vulnerabilities, particularly timing and access-pattern-based attacks, have become critical issues for confidential data processing in trusted environments. Oblivious programming is an effective approach to alleviate these attacks by making program execution not leak any secret through execution time and data access traces. To facilitate oblivious programming in practice, we propose a compilation-time checking tool, obliv-clang, which can comprehensively check the obliviousness of a program written in C++. It is designed to support the rich language features in C++, including the complicated concept of arbitrarily nested pointers, in order to seamlessly work with existing industry-level codebases and produce high-performance compiled binaries with minimum compilation overheads. We design a set of rules in obliv-clang and formally prove their soundness in the presence of complicated C++ language features. We also implement several non-trivial oblivious algorithms as case studies to demonstrate the expressiveness of obliv-clang, and show that programs compiled using obliv-clang can outperform previous solutions.