Octal: Efficient Automatic Data-Oblivious Program Transformations to Eliminate Side-Channel Leakage

During the 1970s, a curious class of programs called data-oblivious algorithms started to catch the attention of researchers because of the numerous applications they enabled due to their unique properties. In particular, data-oblivious algorithms execute independently from their input data. In the context of secure applications, data-oblivious algorithms prevent an attacker from learning information about the data an algorithm is processing by observing that algorithm's execution. However, programmers often avoid these algorithms because they require a highly stylized form of programming, resulting in a potentially error-prone design and implementation process. In addition, data-oblivious programs are often less efficient than their native counterparts due to their inability to employ data-dependent heuristics. To address these potential problems and facilitate the adoption of data-oblivious programming, we present Octal, a tool that automates the design and implementation of data-oblivious programs. Octal streamlines the development of data-oblivious algorithms by automating data-oblivious transformations into the compiler. Moreover, Octal facilitates the development of efficient data-oblivious algorithms using a guided transformation mechanism that effectively navigates the algorithm design space. We evaluate Octal's ability to transform native workloads from the VIP-Bench benchmark suite and show that Octal reduces the lines of programmer-written code by an average of 19.5%, compared to manual conversion. Using case studies, we demonstrate how Octal's guided transformations can optimize an inefficient data-oblivious algorithm. Further, we use Channelizer, a side-channel validation tool, to show that Octal-generated code contains no program-level side channels. By automating data-oblivious transformation and providing guidance on program performance, Octal can aid programmers in developing more secure and efficient programs.