Overview

Private or confidential information is used in several applications, including not just cryptographic implementations but also machine-learning algorithms, databases, and parsers. However, even after using techniques like encryption, authentication, and isolation, it is difficult to maintain the privacy or confidentiality of such information due to so-called side channels, using which attackers can infer sensitive information by monitoring program execution. Various side channels such as execution time, power consumption, exceptions, or micro-architectural components such as caches and branch predictors have been used to steal intellectual property, financial information, and sensitive document contents.

In this talk, I will present our work on closing a broad class of side channels in a diverse set of applications running on modern microprocessors. Compared to prior solutions, which close an isolated number of side channels, our solution closes digital side channels (such as cache, address trace, and branch predictor) which carry information over discrete bits. Our solution also extends the capabilities of non-digital side-channel defenses, specifically power channel defenses, to a broad class of applications running on modern microprocessors. Finally, our solution is customizable, since it permits the defense to be tailored to the threat model, the program, and the microarchitecture.

[Slides]