SeMPE: Secure Multi Path Execution Architecturefor Removing Conditional Branch Side Channels
Hosted in Virtual Platform
Embedded and Cross-Layer Security
DescriptionOne prevalent source of side channel vulnerabilities is the secret-dependent behavior of conditional branches (SDBCB). The state-of-the-art solution relies on Constant-Time Expressions, which require high programming effort and incur high performance overheads. In this paper, we propose SeMPE, an architecture support to eliminate SDBCB without requiring much programming effort while incurring low performance overheads. When a secret-dependent branch is encountered, SeMPE fetches, executes, and commits both paths of the branch, preventing the adversary from inferring secret values from the branching behavior of the program. SeMPE outperforms code generated by FaCT, a constant-time expression language, by up to 18×.