This repository contains the proof-of-concept implementation of Zebrafix. Zebrafix is a compiler-based tool to harden implementations against memory-centric side-channel attacks. It employs interleaving of (secret) data with counters to ensure freshness of memory writes.
The repository contains three main components:
- The fork of LLVM with the adjustments needed to support interleaving, namely a "zebra" type generator and a custom clang function attribute (clang::zebra). It also contains a back-end extension that prefers spilling to vector registers over spilling to the stack, based on an implementation proposed by Matthias Braun. The standard instructions for building LLVM apply.
- zebrafix-passes: A set of out-of-tree passes that operate on LLVM IR and implement the mitigation.
- memwrite-tracer: A memory access tracer that assesses occurrences of repeated memory writes in an instrumented binary.
The Zebrafix workflow looks as follows (see the plugin initialization in zebrafix-passes): when a library is instrumented, LLVM checks for clang::zebra attributes. The annotated functions and all their callees are included in the instrumentation scope. Then all functionality needed to prepare the interleaving is added (structs for 16-byte types, a globally accessible counter, and adjustments to identified structs, global variables, and constant-expression GEPs). With the help of SVF (version 3.0) pointer tracking, Zebrafix then identifies base types that are hidden behind opaque pointers. Heap allocations and compiler intrinsics such as memcpy or memset are adjusted before the main interleaving building block is applied.
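As an illustration of the interleaving principle (added here; this is not Zebrafix's generated code, and the struct layout, the global counter and the tiny write tracer are simplifications chosen for the example), the following C program stores the same word twice into each of four 16-byte slots, once with plain padding and once paired with a counter, and counts how many writes leave the 16-byte block byte-for-byte identical to the previous write to that slot:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Editor's illustration, not Zebrafix output. It shows the interleaving
 * principle on one 8-byte word: the word shares a 16-byte block with a
 * counter that is bumped on every store, so storing the same value twice
 * still produces two different blocks in memory. */

/* Plain layout: the 8-byte word followed by 8 bytes that never change. */
typedef struct {
    uint64_t value;
    uint64_t pad;
} plain_u64;

/* Interleaved ("zebra") layout: the 8-byte word followed by an 8-byte counter. */
typedef struct {
    uint64_t value;
    uint64_t counter;
} zebra_u64;

/* Hypothetical global freshness counter; the real pass has its own scheme. */
static uint64_t zebra_global_counter = 0;

static void zebra_store(zebra_u64 *slot, uint64_t v)
{
    slot->value = v;
    slot->counter = ++zebra_global_counter;   /* never repeats */
}

/* Minimal stand-in for a write tracer: remembers the last 16-byte block
 * written to each slot and counts writes whose bytes equal the previous
 * write to the same slot, i.e. writes a memory-centric observer sees as
 * identical. */
#define SLOTS 4
typedef struct {
    unsigned char last[SLOTS][16];
    int seen[SLOTS];
    int repeated;
} tracer;

static void trace_write(tracer *t, int slot, const void *block16)
{
    if (t->seen[slot] && memcmp(t->last[slot], block16, 16) == 0)
        t->repeated++;
    memcpy(t->last[slot], block16, 16);
    t->seen[slot] = 1;
}

/* Write inputs[i] round-robin into SLOTS slots using the plain layout. */
int count_repeated_plain(const uint64_t *inputs, int n)
{
    tracer t = {0};
    plain_u64 buf[SLOTS] = {0};
    for (int i = 0; i < n; i++) {
        int s = i % SLOTS;
        buf[s].value = inputs[i];
        trace_write(&t, s, &buf[s]);
    }
    return t.repeated;
}

/* Same access pattern with the interleaved layout. */
int count_repeated_zebra(const uint64_t *inputs, int n)
{
    tracer t = {0};
    zebra_u64 buf[SLOTS] = {0};
    for (int i = 0; i < n; i++) {
        int s = i % SLOTS;
        zebra_store(&buf[s], inputs[i]);
        trace_write(&t, s, &buf[s]);
    }
    return t.repeated;
}

/* Constructed sample: a value that is written twice to every slot, as a
 * branch that re-stores an unchanged word would do. */
static const uint64_t sample_writes[8] = {7, 7, 7, 7, 7, 7, 7, 7};

int demo_plain_repeats(void) { return count_repeated_plain(sample_writes, 8); }
int demo_zebra_repeats(void) { return count_repeated_zebra(sample_writes, 8); }

int main(void)
{
    printf("plain layout: %d repeated writes\n", demo_plain_repeats());
    printf("zebra layout: %d repeated writes\n", demo_zebra_repeats());
    return 0;
}
```

With the plain layout every second store repeats the previous block content, which is the kind of repeated write memwrite-tracer is meant to find; with the counter interleaved, no two writes to a slot are identical. The real pass works on LLVM IR and covers structs, globals, heap allocations and intrinsics rather than a hand-written struct.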
Please note that applying interleaving to a target implementation is not straightforward and may require manual source code adjustments and a lot of debugging. Examples include, but are not limited to, non-type-safe conversions, applying certain compiler intrinsics to variables whose base type cannot be inferred, and computing the block size of data to be processed via pointer arithmetic.
For an extended description of the proof of concept and further discussion of interleaving as a side-channel mitigation, please refer to our paper (to appear at RAID 2025):
Anna Pätschke, Jan Wichelmann, and Thomas Eisenbarth. 2025. Zebrafix: Mitigating Memory-Centric Side-Channel Leakage via Interleaving. In 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID '25). [Link] [DOI] [Preprint]
The project is based on LLVM and subject to the same license.