A Formal Approach to Secure Speculation

Cheang, Kevin; Rasmussen, Cameron; Seshia, Sanjit A.; Subramanyan, Pramod

doi:10.1109/csf.2019.00027

Cited by 54 publications

(60 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our operational semantics formalizes the execution of source programs on a pipelined processor and thus enables source-level reasoning about speculation-based information leaks. In contrast to previous semantics for speculative execution Cheang et al 2019;Guarnieri et al 2020;McIlroy et al 2019], our processor abstract machine does not operate directly on fully compiled assembly programs. Instead, our processor translates highlevel commands into low-level instructions just in time, by converting individual commands into corresponding instructions in the first stage of the processor pipeline.…”

Section: A Jit-step Semantics For Speculationmentioning

confidence: 98%

“…Speculative Execution Semantics. Several semantics models for speculative execution have been proposed recently Cheang et al 2019;Disselkoen et al 2019;Guanciale et al 2020;Guarnieri et al 2020;McIlroy et al 2019]. Of those, ] is closest to ours, and inspired our semantics (e.g., we share the 3-stages pipeline, attacker-supplied directives and the instruction reorder buffer).…”

Section: Related Workmentioning

confidence: 99%

“…Spectector [Guarnieri et al 2020] and Pitchfork ] use symbolic execution on x86 binaries to detect speculative vulnerabilities. Cheang et al [2019] and Bloem et al [2019] apply bounded model checking to detect potential speculative vulnerabilities respectively via 4-ways self-composition and taint-tracking. These efforts assume a fixed speculation bound, and they focus on vulnerability detection rather than proposing techniques to repair vulnerable programs.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Automatically eliminating speculative leaks from cryptographic code with blade

Vassena

Disselkoen

Gleissenthall

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We introduce Blade, a new approach to automatically and efficiently eliminate speculative leaks from cryptographic code. Blade is built on the insight that to stop leaks via speculative execution, it suffices to cut the dataflow from expressions that speculatively introduce secrets ( sources ) to those that leak them through the cache ( sinks ), rather than prohibit speculation altogether. We formalize this insight in a static type system that (1) types each expression as either transient , i.e., possibly containing speculative secrets or as being stable , and (2) prohibits speculative leaks by requiring that all sink expressions are stable. Blade relies on a new abstract primitive, protect , to halt speculation at fine granularity. We formalize and implement protect using existing architectural mechanisms, and show how Blade’s type system can automatically synthesize a minimal number of protect s to provably eliminate speculative leaks. We implement Blade in the Cranelift WebAssembly compiler and evaluate our approach by repairing several verified, yet vulnerable WebAssembly implementations of cryptographic primitives. We find that Blade can fix existing programs that leak via speculation automatically , without user intervention, and efficiently even when using fences to implement protect .

show abstract

Section: A Jit-step Semantics For Speculationmentioning

confidence: 98%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Automatically eliminating speculative leaks from cryptographic code with blade

Vassena

Disselkoen

Gleissenthall

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Many other security properties can be expressed in HyperPLTL. While we cannot describe them in detail due to limited space, a few examples are unique program execution checking [15], speculative non-interference [22], secure speculation [9], security of authenticated load [34], enclave measurement injectivity [44] etc. Note that most of the above properties involve only two traces, therefore in the rest of the paper the presentation will assume 2-trace properties.…”

Section: Variants Of Secure Information Flow and Noninterferencementioning

confidence: 99%

Hyperfuzzing for SoC security validation

Muduli

Takhar

Subramanyan

2020

Proceedings of the 39th International Conference on Computer-Aided Design

Self Cite

View full text Add to dashboard Cite

“…Recent years have seen significant progress in automated and semi-automated techniques for the verification of security requirements of computer systems [4,10,16,19,30,47,50,55]. Much of this progress has built on the theory of hyperproperties [21], and these have been used extensively in analysis of whether systems satisfy secure information flow properties [1,2,6,8,15,28,35,37,39,49,57] such as observational determinism [41,55] and non-interference [32]. Unfortunately, the security specification of several important security primitives cannot be captured by secure information flow properties like observational determinism.…”

Section: Introductionmentioning

confidence: 99%

Verification of Quantitative Hyperproperties Using Trace Enumeration Relations

Sahai

Subramanyan

Sinha

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Many important cryptographic primitives offer probabilistic guarantees of security that can be specified as quantitative hyperproperties; these are specifications that stipulate the existence of a certain number of traces in the system satisfying certain constraints. Verification of such hyperproperties is extremely challenging because they involve simultaneous reasoning about an unbounded number of different traces. In this paper, we introduce a technique for verifying quantitative hyperproperties based on the notion of trace enumeration relations. These relations allow us to reduce the problem of trace-counting into one of modelcounting of formulas in first-order logic. We also introduce a set of inference rules for machine-checked reasoning about the number of satisfying solutions to first-order formulas (aka model counting). Putting these two components together enables semi-automated verification of quantitative hyperproperties on infinite-state systems. We use our methodology to prove confidentiality of access patterns in Path ORAMs of unbounded size, soundness of a simple interactive zero-knowledge proof protocol as well as other applications of quantitative hyperproperties studied in past work.

show abstract

A Formal Approach to Secure Speculation

Cited by 54 publications

References 42 publications

Automatically eliminating speculative leaks from cryptographic code with blade

Automatically eliminating speculative leaks from cryptographic code with blade

Hyperfuzzing for SoC security validation

Verification of Quantitative Hyperproperties Using Trace Enumeration Relations

Contact Info

Product

Resources

About