Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
This 18-minute conference talk from POPL 2025 examines how compilers can undermine security countermeasures against side-channel attacks. Discover research by Santiago Arranz Olmos, Gilles Barthe, Lionel Blatter, Benjamin Gregoire, and Vincent Laporte that demonstrates how even verified compilers like CompCert and Jasmin fail to preserve speculative constant-time properties, leaving programs vulnerable to Spectre-v1 attacks. The presentation provides concrete examples of secure programs that lose their protection during compilation with GCC and Jasmin, then introduces a proof-of-concept compiler with formal verification in Coq that preserves speculative constant-time properties. Learn how the researchers patched the Jasmin speculative constant-time type checker, allowing cryptographic implementations to be secured with minimal modifications. The talk includes demonstrations of formal software verification techniques, security models, and compiler design principles relevant to protecting against timing-based side-channel vulnerabilities.
