Protecting Software against Side-Channel and Transient-Execution Attacks
Member | Category |
---|---|
Leonardo Querzoni | Add reference Tutor (Professor or Researcher belonging to the same Department as the Proponent) |
Even in the absence of vulnerabilities at the software level, a program may be subject to information disclosure caused by the underlying levels of abstraction it relies on. A side-channel attack observes side effects of these underlying levels to infer the data being processed. For example, given a bug-free implementation of a provably secure cryptographic algorithm, a side-channel attack may still infer the secret keys used in the algorithm. In contrast to traditional attacks, which target, e.g., algorithms, protocols, or implementation errors, side-channel attacks assume bug-free and correct implementations.
In the era of microarchitectural side channels, vendors scramble to deploy mitigations for transient execution attacks but leave traditional side-channel attacks against sensitive software (e.g., crypto programs) to be fixed by developers by means of constant-time programming (i.e., absence of secret-dependent code/data patterns). Unfortunately, writing constant-time code by hand is hard, as evidenced by the many flaws discovered in production side-channel resistant code.
Building on recent research I authored in the area, I plan to tackle the ambitious goal of developing program transformations to automatically harden applications against side-channel and transient-execution attacks, by transforming the code during compilation to ensure that the program does not expose any information about the secret data it is computing on.
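To make "absence of secret-dependent code/data patterns" concrete, the following added example (not code from this proposal or its author) places a secret-dependent branch and a secret-dependent memory access beside hand-written constant-time forms. All function names and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Leaky: returns at the first mismatch, so run time reveals how many
   leading bytes of the guess match the secret. */
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (secret[i] != guess[i]) return 0;
    return 1;
}

/* Constant-time: always reads all n bytes, no secret-dependent branch. */
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    /* diff == 0 wraps to 0xFFFFFFFF, so bit 8 is set only for equality. */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Leaky: the load address depends on the secret index (cache channel). */
uint8_t leaky_lookup(const uint8_t table[256], uint8_t secret_idx) {
    return table[secret_idx];
}

/* Constant-time: reads every entry and keeps the wanted one with a mask.
   A compiler may still turn such code back into a branch, so the
   generated machine code has to be inspected as well. */
uint8_t ct_lookup(const uint8_t table[256], uint8_t secret_idx) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t x = i ^ secret_idx;              /* 0 only when i == idx */
        uint8_t mask = (uint8_t)((x - 1u) >> 8);  /* 0xFF if x == 0 else 0 */
        out |= (uint8_t)(table[i] & mask);
    }
    return out;
}

int main(void) {
    /* Constructed sample data, for illustration only. */
    uint8_t key[4] = {0xde, 0xad, 0xbe, 0xef}, bad[4] = {0xde, 0xad, 0xbe, 0xee};
    uint8_t table[256];
    for (int i = 0; i < 256; i++) table[i] = (uint8_t)(i * 7 + 3);
    printf("equal: %d %d\n", ct_equal(key, key, 4), ct_equal(key, bad, 4));
    printf("lookup: %u %u\n", ct_lookup(table, 42), leaky_lookup(table, 42));
    return 0;
}
```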