BLACKOUT: Making software both memory-safe and free from side-channel leaks

What is it about?

Side channels are indirect way a hacker can spy on a computer program—for example, by measuring how long it takes to run, or watching how it uses the CPU cache. These tiny clues can reveal sensitive information like encryption keys which must remain secret for encrypted data to remain private. Memory safety is another long-standing problem. If a program reads or writes memory incorrectly, it can open the door to attacks that steal data, crash systems, or take control of software. Unfortunately, most of today’s foundational software is written in C and C++, program languages that are not memory-safe by default. BLACKOUT is a system that tackles both problems at once. It extends CHERI, a hardware architecture that enforces memory safety, with a new feature called blinded capabilities. These capabilities track when data is secret and ensure it is only manipulated in ways that cannot leak information through timing or memory-access patterns.

Featured Image

Photo by Studio Pizza on Unsplash

Photo by Studio Pizza on Unsplash

Why is it important?

Constant-time code is the main way to avoid side-channel leaks: it behaves the same way no matter what the secret data is. But writing constant-time code is notoriously difficult. Even when developers get it right, compilers or hardware optimizations can accidentally re-introduce leaks—and these problems are often invisible until after an attack happens. At the same time, the world is trying to move toward memory-safe software. Regulators and cybersecurity agencies increasingly encourage using memory-safe languages like Rust or or to new hardware that enforces memory safety, like the CHERI architecture BLACKOUT is based on. Rust helps with memory safety, but rewriting decades of C/C++ is unrealistic. and Rust’s abstractions can make constant-time coding even trickier. Rust’s abstractions can also make constant-time coding even trickier. Unlike memory bugs, which usually cause crashes and get noticed, side-channel flaws often fail silently. You might not know anything is wrong until after a hacker steals data. BLACKOUT is based on the observation that side-channel resistance isn’t just about software. It’s about the whole system: hardware and software together. Its blinded capabilities mark secret data and ensure the CPU handles it in a strictly data-oblivious way—meaning the program’s behavior cannot depend on the secret. The CPU uses “blindedness bits” to track secret values as they are operated on inside the processor, and any computation based on them remains marked as secret. Secret data can only be written to “blinded” memory using the correct type of capability. If a program tries to use secret data in a way that could leak it—such as to pick a control-flow branch or as a memory address—the CPU blocks the action immediately. Instead of silently leaking secrets, the program fails fast. This cuts off entire classes of side-channel leaks at the root and makes writing constant-time code much more reliable—and far less error-prone—than current approaches.

Perspectives