NemesisGuard: Mitigating interrupt latency side channel attacks with static binary rewriting

Abstract

Internet of Things (IoT) is becoming integrated into nearly every aspect of our modern life. Indeed, exploitation of such devices can directly lead to physical consequences in the real world. Previous work has shown that IoT devices can be compromised by exploits in lower software layers such as the Operating System (OS). Embedded Trusted Execution Environments (TEEs) provide a small Trusted Computing Base (TCB) to protect sensitive codes and data in such devices. TEEs assume a strong threat model where even a privileged attacker (e.g. OS) cannot compromise the confidentiality and integrity of the execution. Nevertheless, it has been shown that side channel attacks make it challenging to keep secrets during application execution.Interrupt latency side channel attacks (a.k.a. Nemesis) are a novel type of timing attacks that target embedded TEEs and extract application secrets from them. Nemesis attacks exploit the CPU’s interrupt mechanism to reveal microarchitectural instruction timings from embedded TEEs. Specifically, the attacker measures the latency of a precisely timed interrupt to differentiate between secret-dependent branches. In this paper, we present NemesisGuard, the first mitigation mechanism against such side channel attacks that does not require a modified compiler or hardware and can protect COTS binaries without access to source code. NemesisGuard applies a novel static binary instrumentation technique to balance secret-dependent branches in IoT application binaries. Evaluation of NemesisGuard shows that it mitigates Nemesis side channel attacks effectively and efficiently.