Exorcising Spectres with Secure Compilers

10/18/2019
by Marco Guarnieri, et al.

Speculative execution has been demonstrated to leak information about execution when the speculation is ill-informed. This has led to the Spectre family of attacks (i.e., Spectre v1, v2 and rbr) and the related compiler-inserted countermeasures. Spectre (v1) and the speculative semantics needed to express it have recently been formalised in a number of works, so we have the techniques to formally express a Spectre-like violation. However, the correctness (and security) of compiler-inserted Spectre countermeasures has not been ascertained yet. Even worse, while some of the existing countermeasures seem to be secure, others are known to be insecure and still leave programs vulnerable to Spectre. We want to investigate whether existing compilers are effectively secure against Spectre attacks or not. For this, we build on recent secure compilation theory, which states that a compiler is secure when it preserves certain classes of (hyper)properties. In fact, Spectre-like attacks are violations of speculative non-interference, a non-interference-like property, which is a 2-Hypersafety property. We aim to show that certain compiler countermeasures preserve any 2-Hypersafety property and are therefore secure against Spectre. On the other hand, we want to demonstrate that other compilers do not preserve speculative non-interference, and as such do not defend against Spectre. We believe this is the first step towards talking about compiler security against the whole Spectre family of attacks.
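The Spectre v1 bounds-check-bypass pattern the abstract refers to, shown beside the two kinds of compiler-inserted countermeasure it discusses (a speculation barrier and index masking), as an added example that is not code from the paper. The arrays, their contents, `init_probe` and `index_mask_nospec` are constructed for illustration; the `lfence` barrier is x86-only.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data: a public array and the "probe" array whose cache
 * state a Spectre v1 attack would observe (here just filled for testing). */
#define ARRAY1_SIZE 16
static const uint8_t array1[ARRAY1_SIZE] = {3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3};
static uint8_t array2[256 * 64];
void init_probe(void) { /* array2[i] holds its own line number */
    for (size_t i = 0; i < sizeof array2; i++) array2[i] = (uint8_t)(i / 64);
}

/* Spectre v1 (bounds-check bypass) gadget. Architecturally safe, but when the
 * branch is mispredicted array1[idx] is read out of bounds transiently and the
 * value selects a line of array2, leaving a measurable cache footprint. */
uint8_t victim_unprotected(size_t idx) {
    if (idx < ARRAY1_SIZE)
        return array2[array1[idx] * 64];
    return 0;
}

/* Countermeasure A: a speculation barrier right after the bounds check, as
 * inserted by lfence-based compiler passes. Only x86 is covered here; other
 * targets fall through with no barrier and gain no protection. */
uint8_t victim_fenced(size_t idx) {
    if (idx < ARRAY1_SIZE) {
#if defined(__x86_64__) || defined(__i386__)
        __asm__ __volatile__("lfence" ::: "memory");
#endif
        return array2[array1[idx] * 64];
    }
    return 0;
}

/* Countermeasure B: index masking in the style of speculative load hardening.
 * The mask is all-ones when idx < size and zero otherwise, computed without a
 * branch, so a mispredicted path loads array1[0] instead of array1[idx].
 * Assumes idx and size are both below 2^63 so the top bit acts as a sign. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1; /* oob == 0 -> all ones, oob == 1 -> 0 */
}

uint8_t victim_masked(size_t idx) {
    size_t mask = index_mask_nospec(idx, ARRAY1_SIZE);
    if (idx < ARRAY1_SIZE)
        return array2[array1[idx & mask] * 64];
    return 0;
}
```

Production masking code keeps the mask computation in inline assembly so the optimiser cannot fold it using the range it already knows from the branch; the C arithmetic above shows the idea, not a guaranteed-robust build.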
