An Instrumenting Compiler for Enforcing Confidentiality in Low-Level Code

Brahmakshatriya, Ajay; Kedia, Piyus; McKee, Derrick Paul; Bhatu, Pratik; Garg, Deepak; Lal, Akash; Rastogi, Aseem

Local TagsRelease HistoryDetailsSummary

An Instrumenting Compiler for Enforcing Confidentiality in Low-Level Code

Brahmakshatriya, A., Kedia, P., McKee, D. P., Bhatu, P., Garg, D., Lal, A., et al. (2017). An Instrumenting Compiler for Enforcing Confidentiality in Low-Level Code. Retrieved from http://arxiv.org/abs/1711.11396.

Item is Released

show all hide all

Basic

show hide

Item Permalink: https://hdl.handle.net/21.11116/0000-0000-AC98-3 Version Permalink: https://hdl.handle.net/21.11116/0000-0000-AC99-2

Genre: Paper

Files

show Files

hide Files

:

arXiv:1711.11396.pdf (Preprint), 775KB

View Save

File Permalink:
https://hdl.handle.net/21.11116/0000-0000-AC9A-1

Name:
arXiv:1711.11396.pdf

Description:
File downloaded from arXiv at 2018-02-23 13:44

OA-Status:

Visibility:
Public

MIME-Type / Checksum:
application/pdf / [MD5]

Technical Metadata:

View

Copyright Date:
-

Copyright Info:
-

License:
http://arxiv.org/help/license

Locators

show

Creators

show

hide

Creators:
Brahmakshatriya, Ajay¹, Author
Kedia, Piyus¹, Author
McKee, Derrick Paul¹, Author
Bhatu, Pratik¹, Author
Garg, Deepak², Author
Lal, Akash¹, Author
Rastogi, Aseem¹, Author

Affiliations:
1External Organizations, ou_persistent22
2Group D. Garg, Max Planck Institute for Software Systems, Max Planck Society, ou_2105289

Content

show

hide

Free keywords: Computer Science, Programming Languages, cs.PL

Abstract: We present an instrumenting compiler for enforcing data confidentiality in low-level applications (e.g. those written in C) in the presence of an active adversary. In our approach, the programmer marks secret data by writing lightweight annotations on top-level definitions in the source code. The compiler then uses a static flow analysis coupled with efficient runtime instrumentation, a custom memory layout, and custom control-flow integrity checks to prevent data leaks even in the presence of low-level attacks. We have implemented our scheme as part of the LLVM compiler. We evaluate it on the SPEC micro-benchmarks for performance, and on larger, real-world applications (including OpenLDAP, which is around 300KLoC) for programmer overhead required to restructure the application when protecting the sensitive data such as passwords. We find that performance overheads introduced by our instrumentation are moderate (average 12% on SPEC), and the programmer effort to port OpenLDAP is only about 160 LoC.

Details

show

hide

Language(s): eng - English

Dates: Created: 2017-11-30Modified: 2017-12-01Published Online: 2017

Publication Status: Published online

Pages: 14 p.

Publishing info: -

Table of Contents: -

Rev. Type: -

Identifiers: arXiv: 1711.11396
URI: http://arxiv.org/abs/1711.11396

Degree: -

Event

show

Legal Case

show

Project information

show

Source

show