Mitigating timing side-channel attacks by obscuring accesses to sensitive data

A virtualization service that hosts multiple guests may provide utilities for use in protecting sensitive or secret information from timing side-channel attacks by obscuring accesses to data structures that have been designated as potential targets of such attacks. The service may provide a compiler...

Full description

Saved in:
Bibliographic Details
Main Author Pohlack, Martin Thomas
Format Patent
LanguageEnglish
Published 15.12.2020
Subjects
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online AccessGet full text

Cover

More Information
Summary:A virtualization service that hosts multiple guests may provide utilities for use in protecting sensitive or secret information from timing side-channel attacks by obscuring accesses to data structures that have been designated as potential targets of such attacks. The service may provide a compiler or analysis tool that identifies data structures within an application that contain, or that are indexed using, sensitive or secret information. The compiler may modify the application code (or an executable representation thereof) to obscure accesses to particular elements in the data structures. For example, the layout or indexing of a sensitive data structure may be scrambled during execution, or elements of multiple data structures may be interleaved within a single, merged data structure. The scrambling may be performed using an unpredictable address translation function (e.g., one that is parameterized during initialization using a random number obtained at runtime), which may be subsequently modified (e.g., periodically).
Bibliography:Application Number: US201514715345