CIDPro: Custom Instructions for Dynamic Program Diversification

TL;DR

CIDPro introduces a dynamic program diversification framework using custom instructions and FPGA implementation to significantly reduce timing side-channel leakage in embedded systems with minimal performance and hardware overhead.

Contribution

It presents a novel framework integrating LLVM and RISC-V for automatic custom instruction generation to mitigate timing side-channel attacks.

Findings

Achieves 80-86% reduction in timing side-channel capacity.

Imposes only 1% hardware area overhead.

Maintains acceptable performance overhead.

Abstract

Timing side-channel attacks pose a major threat to embedded systems due to their ease of accessibility. We propose CIDPro, a framework that relies on dynamic program diversification to mitigate timing side-channel leakage. The proposed framework integrates the widely used LLVM compiler infrastructure and the increasingly popular RISC-V FPGA soft-processor. The compiler automatically generates custom instructions in the security critical segments of the program, and the instructions execute on the RISC-V custom co-processor to produce diversified timing characteristics on each execution instance. CIDPro has been implemented on the Zynq7000 XC7Z020 FPGA device to study the performance overhead and security tradeoffs. Experimental results show that our solution can achieve 80% and 86% timing side-channel capacity reduction for two benchmarks with an acceptable performance overhead compared to existing solutions. In addition, the proposed method incurs only a negligible hardware area overhead of 1% slices of the entire RISC-V system.