Search papers, labs, and topics across Lattice.
The paper introduces DISARM, a novel joint hardware-software methodology that mitigates runtime side-channel vulnerabilities by leveraging timing values from actual embedded devices to inform targeted software fixes. This approach addresses the limitations of existing solutions, which often overlook the hardware context, leading to inefficiencies and potential failures in mitigation. DISARM demonstrates superior performance compared to state-of-the-art techniques, achieving reduced execution time overhead, minimized code size overhead, and improved correctness across 22 benchmarks on various embedded devices.
Targeted software fixes informed by real device timing can significantly enhance the effectiveness of side-channel vulnerability mitigations.
Program runtime or timing attacks exploit variations in a program's execution times to extract sensitive information from the program (e.g. encryption keys, sensitive variable data, intellectual property). State-of-the-art solutions to runtime side-channel attacks attempt to balance the execution time of the sensitive code for different control flow paths to eliminate the timing leakage. However, during the mitigation process, most techniques do not consider the underlying hardware or device on which the target program is supposed to run on. This can lead to over-fixing (unnecessary extra operations), under-fixing (not solving the imbalance properly), and even failures. We propose DISARM, a joint hardware-software methodology (unlike any existing solution) for mitigating runtime side-channel vulnerabilities that utilizes timing values from real embedded devices to generate targeted software fixes. We implement DISARM to support C, C++, and Java source codes and validate it across 22 standard benchmarks. DISARM outperforms state-of-the-art solutions such as PENDULUM and DifFuzzAR in terms of execution time overhead, code size overhead, and correctness on five different embedded or edge devices.