Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/145789
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Fell, Alexander | en_US |
dc.contributor.author | Pham, Hung Thinh | en_US |
dc.contributor.author | Lam, Siew-Kei | en_US |
dc.date.accessioned | 2021-01-08T01:46:36Z | - |
dc.date.available | 2021-01-08T01:46:36Z | - |
dc.date.issued | 2019 | - |
dc.identifier.citation | Fell, A., Pham, H. T., & Lam, S.-K. (2019). TAD : time side-channel attack defense of obfuscated source code. Proceedings of the 24th Asia and South Pacific Design Automation Conference, 58-63. doi:10.1145/3287624.3287694 | en_US |
dc.identifier.isbn | 9781450360074 | - |
dc.identifier.uri | https://hdl.handle.net/10356/145789 | - |
dc.description.abstract | Program obfuscation is widely used to protect commercial software against reverse-engineering. However, an adversary can still download, disassemble and analyze binaries of the obfuscated code executed on an embedded System-on-Chip (SoC), and by correlating execution times to input values, extract secret information from the program. In this paper, we show (1) the impact of widely-used obfuscation methods on timing leakage, and (2) that well-known software countermeasures to reduce timing leakage of programs, are not always effective for low-noise environments found in embedded systems. We propose two methods for mitigating timing leakage in obfuscated codes. The first is a compiler driven method, called TAD, which removes conditional branches with distinguishable execution times for an input program. In the second method (TADCI), TAD is combined with dynamic hardware diversity by replacing primitive instructions with Custom Instructions (CIs) that exhibit non-deterministic execution times at runtime. Experimental results on the RISC-V platform show that the information leakage is reduced by 92% and 82% when TADCI is applied to the original and obfuscated source code, respectively. | en_US |
dc.description.sponsorship | National Research Foundation (NRF) | en_US |
dc.language.iso | en | en_US |
dc.relation | NRF2016NCR-NCR001-006 | en_US |
dc.rights | © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1145/3287624.3287694 | en_US |
dc.subject | Engineering::Computer science and engineering | en_US |
dc.title | TAD : time side-channel attack defense of obfuscated source code | en_US |
dc.type | Conference Paper | en |
dc.contributor.school | School of Computer Science and Engineering | en_US |
dc.contributor.conference | 24th Asia and South Pacific Design Automation Conference | en_US |
dc.contributor.research | CYSREN | en_US |
dc.identifier.doi | 10.1145/3287624.3287694 | - |
dc.description.version | Accepted version | en_US |
dc.identifier.spage | 58 | en_US |
dc.identifier.epage | 63 | en_US |
dc.subject.keywords | Security | en_US |
dc.subject.keywords | Software Obfuscation | en_US |
dc.description.acknowledgement | The research described in this paper has been supported by the National Research Foundation, Singapore under grant number NRF2016NCR-NCR001-006. | en_US |
item.fulltext | With Fulltext | - |
item.grantfulltext | open | - |
Appears in Collections: | SCSE Conference Papers |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
2019 Fell - TAD Time Side-Channel Attack Defense of Obfuscated Source Code.pdf | 693.25 kB | Adobe PDF | View/Open |
SCOPUSTM
Citations
50
8
Updated on Mar 28, 2024
Web of ScienceTM
Citations
20
6
Updated on Oct 30, 2023
Page view(s)
382
Updated on Mar 28, 2024
Download(s) 20
204
Updated on Mar 28, 2024
Google ScholarTM
Check
Altmetric
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.