New Models for Understanding and Reasoning about Speculative Execution Attacks

by Zecheng He, et al.

Spectre and Meltdown attacks and their variants exploit hardware performance optimization features to cause security breaches. Secret information is accessed and leaked through covert or side channels. New attack variants keep appearing and we do not have a systematic way to capture the critical characteristics of these attacks and evaluate why they succeed or fail. In this paper, we provide a new attack-graph model for reasoning about speculative execution attacks. We model attacks as ordered dependency graphs, and prove that a race condition between two nodes can occur if there is a missing dependency edge between them. We define a new concept, "security dependency", between a resource access and its prior authorization operation. We show that a missing security dependency is equivalent to a race condition between authorization and access, which is a root cause of speculative execution attacks. We show detailed examples of how our attack graph models the Spectre and Meltdown attacks, and is generalizable to all the attack variants published so far. This attack model is also very useful for identifying new attacks and for generalizing defense strategies. We identify several defense strategies with different performance-security tradeoffs. We show that the defenses proposed so far all fit under one of our defense strategies. We also explain how attack graphs can be constructed and point to this as promising future work for tool designers.
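The abstract's central claim, that a missing dependency edge between an authorization node and the resource access it guards is equivalent to a race condition, can be checked mechanically on a small graph. The following Python is an added illustration written for this page, not code from the paper or its authors; the node names, the dictionary encoding of the ordered dependency graph, and the use of a serializing fence to restore the missing edge are all assumptions chosen for the example. It encodes a Spectre-style sequence once without and once with a fence and reports which guarded accesses are not forced to wait for their authorization.

```python
"""Toy attack-graph checker for the 'missing security dependency' idea.

Hypothetical model (not the paper's implementation): each node is an
operation in an ordered dependency graph, and a directed edge u -> v means
v cannot execute until u has completed. A 'security dependency' is an edge
(or path) from an authorization node, such as a bounds check resolving, to
the resource access it guards. If the access is not reachable from its
authorization, the hardware is free to run them in either order, which is
the race condition the abstract identifies as the root cause.
"""
from collections import deque


def reachable(graph, src, dst):
    """Return True if dst can be reached from src along dependency edges."""
    seen = set()
    work = deque([src])
    while work:
        node = work.popleft()
        if node == dst:
            return True
        if node in seen:
            continue
        seen.add(node)
        work.extend(graph.get(node, ()))
    return False


def missing_security_dependencies(graph, guards):
    """Return (authorization, access) pairs with no dependency path.

    `guards` maps each resource-access node to the authorization node that
    must complete first. A pair is reported when the graph does not force
    that order, i.e. the access may execute speculatively before the check.
    """
    return [(auth, access) for access, auth in guards.items()
            if not reachable(graph, auth, access)]


# Constructed sample 1: a Spectre-v1-style sequence. The array load depends
# only on the index value, not on the bounds check, so the predictor may let
# the load (and the secret-dependent load that forms the covert channel)
# proceed before the check resolves.
UNFENCED = {
    "load_index": ["bounds_check", "load_array"],
    "bounds_check": ["commit"],
    "load_array": ["dependent_load"],
    "dependent_load": ["commit"],
}

# Constructed sample 2: the same sequence with a serializing fence placed
# after the bounds check. The fence adds the edge bounds_check -> fence ->
# load_array, restoring the security dependency.
FENCED = {
    "load_index": ["bounds_check", "load_array"],
    "bounds_check": ["fence"],
    "fence": ["load_array"],
    "load_array": ["dependent_load"],
    "dependent_load": ["commit"],
}

# Which access each authorization is supposed to guard (constructed).
GUARDS = {"load_array": "bounds_check"}


if __name__ == "__main__":
    print("unfenced:", missing_security_dependencies(UNFENCED, GUARDS))
    print("fenced:  ", missing_security_dependencies(FENCED, GUARDS))
```

Running the script reports `[('bounds_check', 'load_array')]` for the unfenced graph and an empty list for the fenced one. The point of the exercise is that the checker never looks at timing or at the branch predictor; it only asks whether the graph forces the authorization to precede the access, which is exactly the question the abstract reduces speculative execution attacks to.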

