• Corpus ID: 244527420

SoK: Practical Foundations for Software Spectre Defenses

  title={SoK: Practical Foundations for Software Spectre Defenses},
  author={Sunjay Cauligi and Craig Disselkoen and Daniel Moghimi and Gilles Barthe and Deian Stefan},
—Spectre vulnerabilities violate our fundamental as- sumptions about architectural abstractions, allowing attackers to steal sensitive data despite previously state-of-the-art counter- measures. To defend against Spectre, developers of verification tools and compiler-based mitigations are forced to reason about microarchitectural details such as speculative execution. In order to aid developers with these attacks in a principled way, the re- search community has sought formal foundations for… 

Figures from this paper


InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis
A model targeting single core processors is presented that incorporates microarchitectural features that underpin all known Spectre vulnerabilities and is used to elucidate the security of existing and new vulnerabilities, as well as to formally analyze the effectiveness of proposed countermeasures.
Specfuscator: Evaluating Branch Removal as a Spectre Mitigation
This paper explores a novel principled Spectre mitigation that sits at the other end of the scale: the absence of conditional and indirect branches, and demonstrates the feasibility of Spectre defenses that eliminate branches and indicate good performances.
oo7: Low-Overhead Defense Against Spectre Attacks via Program Analysis
The Spectre vulnerability in modern processors has been widely reported. The key insight in this vulnerability is that speculative execution in processors can be misused to access the secrets.
Spectre is here to stay: An analysis of side-channels and speculative execution
It is believed that speculative vulnerabilities on today's hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations, as it is discovered that untrusted code can construct a universal read gadget to read all memory in the same address space through side-channels.
A Systematic Evaluation of Transient Execution Attacks and Defenses
A systematization of transient execution attacks yields a more complete picture of the attack surface and allows for a more systematic evaluation of defenses, discovering that most defenses cannot fully mitigate all attack variants.
Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks
This work uses the CAT modeling language for memory consistency to specify execution models that capture speculative control flow, store-to-load forwarding, predictive store forwarding, and memory ordering machine clears, and can be rapidly extended to allow the framework to detect new types of attacks and validate defenses against them.
Spectre Returns! Speculation Attacks using the Return Stack Buffer
This paper introduces a new Spectre-class attack that is based on exploiting the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses, and recommends that this patch should be used on all machines to protect against SpectreRSB.
Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE
This work proposes an optimization, coined Haunted RelSE, that allows scalable detection of Spectre vulnerabilities at binary level and proves the optimization semantically correct w.r.t. the more naive explicit speculative exploration approach used in state-of-the-art tools.
Swivel: Hardening WebAssembly against Spectre
Swivel hardens Wasm against Spectre attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code—another Wasm client or the embedding process—to leak secret data.
SpecCFI: Mitigating Spectre Attacks using CFI Informed Speculation
This paper proposes to use Control-Flow Integrity (CFI), a security technique used to stop control-flow hijacking attacks, on the committed path, to prevent speculative control- flow from being hijacked to launch the most dangerous variants of the Spectre attacks.