Obelix: Mitigating Side-Channels Through Dynamic Obfuscation

• URL: http://arxiv.org/abs/2509.18909v1
• Date: Tue, 23 Sep 2025 12:32:51 GMT
• Title: Obelix: Mitigating Side-Channels Through Dynamic Obfuscation
• Authors: Jan Wichelmann, Anja Rabich, Anna P"atschke, Thomas Eisenbarth,
• Abstract summary: We take a holistic view at the vulnerabilities of TEEs and design a tool named Obelix.<n>Obelix is the first to protect both code and data against a wide range of TEE attacks.
• Score: 8.043868787597109
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Trusted execution environments (TEEs) offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based countermeasures for some attacks, others will stay unaddressed. This makes a software-level countermeasure desirable, but current available solutions only address very specific attack vectors or have a narrow leakage model. In this work, we take a holistic view at the vulnerabilities of TEEs and design a tool named Obelix, which is the first to protect both code and data against a wide range of TEE attacks, from cache attacks over single-stepping to ciphertext side-channels. We analyze the practically achievable precision of state-of-the-art single-stepping tools, and present an algorithm which uses that knowledge to divide a program into uniform code blocks, that are indistinguishable for a strong attacker. By storing these blocks and the program data in oblivious RAM, the attacker cannot follow execution, effectively protecting both secret code and data. We describe how we automate our approach to make it available for developers who are unfamiliar with side-channels. As an obfuscation tool, Obelix comes with a considerable performance overhead, but compensates this with strong security guarantees and easy applicability without requiring any expert knowledge.

Related papers

• Bag of Tricks for Subverting Reasoning-based Safety Guardrails [62.139297207938036]
  We present a bag of jailbreak methods that subvert the reasoning-based guardrails.<n>Our attacks span white-, gray-, and black-box settings and range from effortless template manipulations to fully automated optimization.
  arXiv  Detail & Related papers  (2025-10-13T16:16:44Z)
• Decompiling Smart Contracts with a Large Language Model [51.49197239479266]
  Despite Etherscan's 78,047,845 smart contracts deployed on (as of May 26, 2025), a mere 767,520 ( 1%) are open source.<n>This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode.<n>We introduce a pioneering decompilation pipeline that transforms bytecode into human-readable and semantically faithful Solidity code.
  arXiv  Detail & Related papers  (2025-06-24T13:42:59Z)
• Benchmarking Misuse Mitigation Against Covert Adversaries [80.74502950627736]
  Existing language model safety evaluations focus on overt attacks and low-stakes tasks.<n>We develop Benchmarks for Stateful Defenses (BSD), a data generation pipeline that automates evaluations of covert attacks and corresponding defenses.<n>Our evaluations indicate that decomposition attacks are effective misuse enablers, and highlight stateful defenses as a countermeasure.
  arXiv  Detail & Related papers  (2025-06-06T17:33:33Z)
• CipherGuard: Compiler-aided Mitigation against Ciphertext Side-channel Attacks [26.849878609957386]
  CipherGuard is a compiler-based mitigation tool to counteract ciphertext side channels with high efficiency and security guarantees.<n>In its most efficient strategy, CipherGuard incurs an average performance overhead of only 1.41X, with a maximum of 1.95X.
  arXiv  Detail & Related papers  (2025-02-19T03:22:36Z)
• A Scheduling-Aware Defense Against Prefetching-Based Side-Channel Attacks [16.896693436047137]
  Speculative loading of memory, called prefetching, is common in real-world CPUs. Prefetching can be exploited to bypass process isolation and leak secrets, such as keys used in RSA, AES, and ECDH implementations. We implement our countermeasure for an x86_64 and an ARM processor.
  arXiv  Detail & Related papers  (2024-10-01T07:12:23Z)
• An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection [17.948513691133037]
  We introduce CodeBreaker, a pioneering LLM-assisted backdoor attack framework on code completion models. By integrating malicious payloads directly into the source code with minimal transformation, CodeBreaker challenges current security measures.
  arXiv  Detail & Related papers  (2024-06-10T22:10:05Z)
• LeapFrog: The Rowhammer Instruction Skip Attack [5.285478567449658]
  We present a new type of Rowhammer gadget, called a LeapFrog gadget, which allows an adversary to subvert code execution.<n>The LeapFrog gadget manifests when the victim code stores the Program Counter (PC) value in the user or kernel stack.<n>This research also presents a systematic process to identify LeapFrog gadgets.
  arXiv  Detail & Related papers  (2024-04-11T16:10:16Z)
• Weak-to-Strong Jailbreaking on Large Language Models [92.52448762164926]
  Large language models (LLMs) are vulnerable to jailbreak attacks.<n>Existing jailbreaking methods are computationally costly.<n>We propose the weak-to-strong jailbreaking attack.
  arXiv  Detail & Related papers  (2024-01-30T18:48:37Z)
• Code Polymorphism Meets Code Encryption: Confidentiality and Side-Channel Protection of Software Components [0.0]
  PolEn is a toolchain and a processor architecturethat combine countermeasures in order to provide an effective mitigation of side-channel attacks. Code encryption is supported by a processor extension such that machineinstructions are only decrypted inside the CPU. Code polymorphism is implemented by software means. It regularly changes the observablebehaviour of the program, making it unpredictable for an attacker.
  arXiv  Detail & Related papers  (2023-10-11T09:16:10Z)
• Downstream-agnostic Adversarial Examples [66.8606539786026]
  AdvEncoder is first framework for generating downstream-agnostic universal adversarial examples based on pre-trained encoder. Unlike traditional adversarial example works, the pre-trained encoder only outputs feature vectors rather than classification labels. Our results show that an attacker can successfully attack downstream tasks without knowing either the pre-training dataset or the downstream dataset.
  arXiv  Detail & Related papers  (2023-07-23T10:16:47Z)
• Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
  adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes. We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks. These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
  arXiv  Detail & Related papers  (2020-08-17T07:16:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.