论文标题
部分可观测时空混沌系统的无模型预测
Preventing Timing Side-Channels via Security-Aware Just-In-Time Compilation
论文作者
论文摘要
最近的工作表明,即时(JIT)汇编可以将定时侧通道引入恒定时间的程序,否则这将是反对时机攻击的原则性和有效手段。在本文中,我们提出了一种新的方法来消除这些程序引起的JIT引起的泄漏。具体而言,我们介绍了JIT编译下的恒定时间程序的操作语义和正式定义,为通过JIT编译的程序奠定了基础。然后,我们建议通过精细粒度的JIT汇编消除JIT引起的泄漏,为此我们提供一种自动化的方法来生成策略和新型类型的系统以显示其健全性。我们根据我们的方法为Java开发了一种工具DeJitleak,并在热点中实现了细粒度的JIT汇编。实验结果表明,Dejitleak可以有效,有效地消除了在侧通道检测中使用的三个数据集上的JIT引起的泄漏
Recent work has shown that Just-In-Time (JIT) compilation can introduce timing side-channels to constant-time programs, which would otherwise be a principled and effective means to counter timing attacks. In this paper, we propose a novel approach to eliminate JIT-induced leaks from these programs. Specifically, we present an operational semantics and a formal definition of constant-time programs under JIT compilation, laying the foundation for reasoning about programs with JIT compilation. We then propose to eliminate JIT-induced leaks via a fine-grained JIT compilation for which we provide an automated approach to generate policies and a novel type system to show its soundness. We develop a tool DeJITLeak for Java based on our approach and implement the fine-grained JIT compilation in HotSpot. Experimental results show that DeJITLeak can effectively and efficiently eliminate JIT-induced leaks on three datasets used in side-channel detection
