obliv-clang: Real-World Oblivious Programming in C++
2026-06-15 • Programming Languages
Programming LanguagesCryptography and Security
AI summaryⓘ
The authors created a tool called obliv-clang that helps programmers check if their C++ programs protect secret data from being leaked through timing or access patterns. This tool works with complex C++ features like nested pointers and fits well with real-world code, making sure programs run efficiently. They developed rules for the tool and mathematically proved these rules are reliable. The authors also tested their tool on tricky programs and found it can produce faster results than earlier methods.
side-channel attacksoblivious programmingtiming attacksaccess patternsC++compilation-time checkingnested pointersformal proofperformance optimization
Authors
Yunqian Luo, Mingyu Gao
Abstract
Side-channel vulnerabilities, particularly timing and access-pattern-based attacks, have become critical issues for confidential data processing in trusted environments. Oblivious programming is an effective approach to alleviate these attacks by making program execution not leak any secret through execution time and data access traces. To facilitate oblivious programming in practice, we propose a compilation-time checking tool, obliv-clang, which can comprehensively check the obliviousness of a program written in C++. It is designed to support the rich language features in C++, including the complicated concept of arbitrarily nested pointers, in order to seamlessly work with existing industry-level codebases and produce high-performance compiled binaries with minimum compilation overheads. We design a set of rules in obliv-clang and formally prove their soundness in the presence of complicated C++ language features. We also implement several non-trivial oblivious algorithms as case studies to demonstrate the expressiveness of obliv-clang, and show that programs compiled using obliv-clang can outperform previous solutions.