ORIGAMI: Folding Data Structures to Reduce Timing Side-Channel Leakage

Timing channels in a program allow attackers to infer secret information being processed. To avoid introducing timing channels, programmers should follow Constant-Time Programming (CTP) guidelines or rely on repair tools that prevent leakage of information via timing channels. Existing repair tools prevent this leakage when programs have branches or loops whose behaviour depends on secrets; however, these repair tools do not efficiently prevent the leakage that occurs if the program accesses a data structure using secret indices. In this work, we present ORIGAMI, a set of repair rules to enforce constant read/write operations on fixed-size, multidimensional data structures so that accessing them via secret indices does not leak information. We implement ORIGAMI as a series of LLVM optimisation passes and evaluate ORIGAMI with programs from Tomcrypt and GDK libraries. Evaluation with the repaired programs using an accurate simulator (GEM5) confirms that our approach indeed repairs the timing channels in practice.