2025-07-03, 14:20–14:40 (Europe/Paris), Amphitheater 122
You meticulously craft constant-time code to protect against side-channel attacks—only to have your compiler silently sabotage it. Optimization passes, designed to make code faster, can introduce timing leaks, violating security guarantees in ways developers never intended. But which optimizations are responsible? And how can you stop them without rewriting the compiler itself?
In this talk, we investigate the mystery behind compiler-induced constant-time violations. We analyze real-world examples from GCC and LLVM, exposing how specific optimizations betray security assumptions. More importantly, we provide practical solutions: which compiler flags can mitigate these leaks, and what is the real cost of securing your compiled code?
Your compiler may not be your friend—but with the right knowledge, you can stop it from turning against you.
I am a PhD student in the Spirals team at Inria Lille. My main research focus is on microarchitectural side-channel vulnerabilities, how they manifest in software and how to find them.