The SEAL project is an ERC-funded Consolidator Grant. It tackles the challenge of developing tools that are sophisticated enough to predict a range of side channel leakage behaviours for modern processors. SEAL stands for Sound and Early Assessment of Leakage for Embedded Software. The backdrop to the project is the fact that many embedded software developers are not crypto or side channel specialists (and, vice versa, most crypto or side channel specialists don’t do industrial grade embedded software development). The idea behind SEAL is therefore to develop tools that embedded software developers can use to pinpoint side channel vulnerabilities in the code that they develop. Such tools will need to fit into the typical “software design flow” (we understand this to imply that they need to take C and/or assembly level code as input), and they need to be able to point towards instructions that leak.
SEAL’s proposal was based on research that we published at USENIX in 2017, right at the start of the project. This research proposes a statistical technique based on assessing the leakage of some simple software kernels (i.e. instruction triplets of a specific nature) using F-tests to ascertain the functional form and contributions of a good range of ARM Thumb instructions. We used the resulting leakage models to build the first “next generation” leakage simulator, called ELMO (Emulating Leaks for the ARM M0), and released it as open source. In the first phase of this project we then took ELMO’s initial design (which was rather monolithic, as ELMO is a prototype) and created a more flexible and modular version of it called GILES.