MicroProfiler: Principled Side-Channel Mitigation through Microarchitectural Profiling.

Preventing information leakage through microarchitectural side channels is notoriously challenging and, as a result, an important research question. Recent work has shown the viability of compiler-assisted instruction balancing for small, embedded processors with deterministic timing behavior. However, even in such small processors, more subtle microarchitectural side channels continue to be discovered, complicating mitigation efforts. We propose a methodology for augmenting an existing instruction set architecture (ISA) specification with instruction-specific microarchitectural leakage traces obtained through principled microarchitectural profiling. Building on this augmented ISA, it becomes possible to construct software tools to detect and mitigate certain side-channel vulnerabilities. As a case study, we instantiate our methodology on a recently uncovered microarchitectural side channel, which is based on cycle-level timing differences of direct memory access (DMA) requests on 16-bit openMSP430 processors. Using the augmented ISA obtained for this side channel through microarchitectural profiling, we develop practical attack scenarios and extend a state-of-the-art compiler-based mitigation and a binary validation tool, both of which originally targeted a coarser-grained, instruction-granular side channel. Our benchmarks show that our extended compiler mitigation, while still mitigating the instruction-granular leakage, also eliminates the cycle-accurate DMA information leakage without incurring any additional overhead.