BliMe Linter

TL;DR

This paper introduces BliMe, a hardware extension for secure outsourced computation, and presents a compiler-based linter to verify that code adheres to security policies preventing data leaks through timing and memory access patterns.

Contribution

The paper presents the BliMe linter, a novel compiler extension that analyzes LLVM bitcode to detect potential security violations in BliMe-enabled hardware.

Findings

The BliMe linter is sound in detecting violations.

Empirical evaluation shows effectiveness of the linter.

The approach helps developers verify secure code for BliMe hardware.

Abstract

Outsourced computation presents a risk to the confidentiality of clients' sensitive data since they have to trust that the service providers will not mishandle this data. Blinded Memory (BliMe) is a set of hardware extensions that addresses this problem by using hardware-based taint tracking to keep track of sensitive client data and enforce a security policy that prevents software from leaking this data, either directly or through side channels. Since programs can leak sensitive data through timing channels and memory access patterns when this data is used in control-flow or memory access instructions, BliMe prohibits such unsafe operations and only allows constant-time code to operate on sensitive data. The question is how a developer can confirm that their code will run correctly on BliMe. While a program can be manually checked to see if it is constant-time, this process is tedious and error-prone. In this paper, we introduce the BliMe linter, a set of compiler extensions built on top of SVF that analyze LLVM bitcode to identify possible BliMe violations. We evaluate the BliMe linter analytically and empirically and show that it is sound.