Hardware-Software Contracts for Secure Speculation

by   Marco Guarnieri, et al.

Since the discovery of Spectre, a large number of hardware mechanisms for secure speculation have been proposed. Intuitively, more defensive mechanisms are less efficient but can securely execute a larger class of programs, while more permissive mechanisms may offer more performance but require more defensive programming. Unfortunately, there are no hardware-software contracts that would turn this intuition into a basis for principled co-design. In this paper, we put forward a framework for specifying such contracts, and we demonstrate its expressiveness and flexibility: On the hardware side, we use the framework to provide the first formalization and comparison of the security guarantees provided by a representative class of mechanisms for secure speculation. On the software side, we use the framework to characterize program properties that guarantee secure co-design in two scenarios traditionally investigated in isolation: (1) ensuring that a benign program does not leak information while computing on confidential data, and (2) ensuring that a potentially malicious program cannot read outside of its designated sandbox. Finally, we show how the properties corresponding to both scenarios can be checked based on existing tools for software verification, and we use them to validate our findings on executable code.



There are no comments yet.


page 1

page 2

page 3

page 4


Compositional Security for Reentrant Applications

The disastrous vulnerabilities in smart contracts sharply remind us of o...

Fine-Grained, Language-Based Access Control for Database-Backed Applications

Context: Database-backed applications often run queries with more author...

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors: Extended Version

Computer systems often provide hardware support for isolation mechanisms...

On Secure and Usable Program Obfuscation: A Survey

Program obfuscation is a widely employed approach for software intellect...

Extending programs with debug-related features, with application to hardware development

The capacity and programmability of reconfigurable hardware such as FPGA...

Swivel: Hardening WebAssembly against Spectre

We describe Swivel, a new compiler framework for hardening WebAssembly (...

Universal Composability is Secure Compilation

Universal composability is a framework for the specification and analysi...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.