Fun with flags: How Compilers Break and Fix Constant-Time Code
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Toggle fullscreen mode | F |
Select next subtitles | C |
Select next audio track | A |
Toggle automatic slides maximization | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Seek 1 frame backward | alt + left arrow |
Seek 1 frame forward | alt + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | < |
Increase playback rate | > |
Seek to end | end |
Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
You meticulously craft constant-time code to protect against side-channel attacks—only to have your compiler silently sabotage it. Optimization passes, designed to make code faster, can introduce timing leaks, violating security guarantees in ways developers never intended. But which optimizations are responsible? And how can you stop them without rewriting the compiler itself? In this talk, we investigate the mystery behind compiler-induced constant-time violations. We analyze real-world examples from GCC and LLVM, exposing how specific optimizations betray security assumptions. More importantly, we provide practical solutions: which compiler flags can mitigate these leaks, and what is the real cost of securing your compiled code? Your compiler may not be your friend—but with the right knowledge, you can stop it from turning against you.
Other media in the channel "2025"
10 views, 10 this year, 10 this monthEXADPrinter: Exhaustive Permissionless Device Fingerprinting Within the Android EcosystemJuly 3rd, 2025
7 views, 7 this year, 7 this monthMetadata Protection in Instant Messaging Applications: a ReviewJuly 3rd, 2025
4 views, 4 this year, 4 this monthThe Even Darker Web - Dirty tricks and questionable code choices on some of the world's largest websitesJuly 4th, 2025
13 views, 13 this year, 13 this monthAnalyzing Microarchitectural Side-Channel Attacks Using Open-source gem5 simulatorJuly 3rd, 2025
11 views, 11 this year, 11 this monthSecrets at Sea: Hunting Exposed Code & Container RegistriesJuly 3rd, 2025
9 views, 9 this year, 9 this monthRootAsRole: Simplifying Linux Privileges and Fortifying Ansible DeploymentsJuly 3rd, 2025