Title :
On Subnormal Floating Point and Abnormal Timing
Author :
Andrysco, Marc ; Kohlbrenner, David ; Mowery, Keaton ; Jhala, Ranjit ; Lerner, Sorin ; Shacham, Hovav
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of California, San Diego, La Jolla, CA, USA
Abstract :
We identify a timing channel in the floating point instructions of modern x86 processors: the running time of floating point addition and multiplication instructions can vary by two orders of magnitude depending on their operands. We develop a benchmark measuring the timing variability of floating point operations and report on its results. We use floating point data timing variability to demonstrate practical attacks on the security of the Fire fox browser (versions 23 through 27) and the Fuzz differentially private database. Finally, we initiate the study of mitigations to floating point data timing channels with libfixedtimefixedpoint, a new fixed-point, constant-time math library. Modern floating point standards and implementations are sophisticated, complex, and subtle, a fact that has not been sufficiently recognized by the security community. More work is needed to assess the implications of the use of floating point instructions in security-relevant software.
Keywords :
adders; cryptography; floating point arithmetic; multiplying circuits; Fire fox browser; Fuzz differentially private database; abnormal timing; cryptography; fixed-point constant-time math library; floating point addition instructions; floating point data timing channels; floating point data timing variability; floating point multiplication instructions; floating point operations; floating point standards; libfixedtimefixedpoint; modern x86 processors; operands; running time; security attacks; subnormal floating point; Browsers; Libraries; Program processors; Security; Standards; Timing;
Conference_Titel :
Security and Privacy (SP), 2015 IEEE Symposium on
Conference_Location :
San Jose, CA
