Modern embedded systems manage sensitive data increasingly often through cryptographic primitives. In this context, side-channel attacks, such as power analysis, represent a concrete threat, regardless of the mathematical strength of a cipher. Evaluating the resistance against power analysis of cryptographic implementations and preventing it, are tasks usually ascribed to the expertise of the system designer. This paper introduces a new security-oriented data-flow analysis assessing the vulnerability level of a cipher with bit-level accuracy. A general and extensible compiler-based tool was implemented to assess the instruction resistance against power-based side-channels. The tool automatically instantiates the essential masking countermeasures, yielding a ×2.5 performance speedup w.r.t. protecting the entire code.