Mitigating timing side-channel attacks by obscuring accesses to sensitive data
Main Author | |
---|---|
Format | Patent |
Language | English |
Published | 15.12.2020 |
Subjects | |
Summary: | A virtualization service that hosts multiple guests may provide utilities for use in protecting sensitive or secret information from timing side-channel attacks by obscuring accesses to data structures that have been designated as potential targets of such attacks. The service may provide a compiler or analysis tool that identifies data structures within an application that contain, or that are indexed using, sensitive or secret information. The compiler may modify the application code (or an executable representation thereof) to obscure accesses to particular elements in the data structures. For example, the layout or indexing of a sensitive data structure may be scrambled during execution, or elements of multiple data structures may be interleaved within a single, merged data structure. The scrambling may be performed using an unpredictable address translation function (e.g., one that is parameterized during initialization using a random number obtained at runtime), which may be subsequently modified (e.g., periodically). |
---|---|
Bibliography: | Application Number: US201514715345 |