What you get is what you C: Controlling side effects in mainstream C compilers
http://www.cl.cam.ac.uk/~rja14/Papers/whatyouc.pdf [www.cl.cam.ac.uk]
2018-05-17 18:29
tags:
c
crypto
defense
development
paper
pdf
perf
programming
security
sidechannel
Our work explores what is actually involved in controlling side effects on modern CPUs with a standard toolchain. Similar techniques can and should be applied to other security properties; achieving intentions by compiler commands or annotations makes them explicit, so we can reason about them. It is already understood that explicitness is essential for cryptographic protocol security and for compiler performance; it is essential for language security too. We therefore argue that this should be only the first step in a sustained engineering effort.