Skip to Main content Skip to Navigation
New interface
Conference papers

Hunting the Haunter -Efficient Relational Symbolic Execution for Spectre with Haunted RelSE

Abstract : Spectre are microarchitectural attacks which were made public in January 2018. They allow an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly important for cryptographic libraries and defenses at the software level have been proposed. Yet, defenses correctness and Spectre detection pose challenges due on one hand to the explosion of the exploration space induced by speculative paths, and on the other hand to the introduction of new Spectre vulnerabilities at different compilation stages. We propose an optimization, coined Haunted RelSE, that allows scalable detection of Spectre vulnerabilities at binary level. We prove the optimization semantically correct w.r.t. the more naive explicit speculative exploration approach used in state-of-the-art tools. We implement Haunted RelSE in a symbolic analysis tool, and extensively test it on a wellknown litmus testset for Spectre-PHT, and on a new litmus testset for Spectre-STL, which we propose. Our technique finds more violations and scales better than state-of-the-art techniques and tools, analyzing real-world cryptographic libraries and finding new violations. Thanks to our tool, we discover that indexmasking-a standard defense for Spectre-PHT-and well-known gcc options to compile position independent executables introduce Spectre-STL violations. We propose and verify a correction to index-masking to avoid the problem.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/hal-03363263
Contributor : Tamara Rezk Connect in order to contact the contributor
Submitted on : Sunday, October 3, 2021 - 5:34:07 PM
Last modification on : Saturday, June 25, 2022 - 11:52:50 PM
Long-term archiving on: : Tuesday, January 4, 2022 - 6:15:17 PM

File

spectre.pdf
Files produced by the author(s)

Identifiers

Citation

Lesly-Ann Daniel, Sébastien Bardin, Tamara Rezk. Hunting the Haunter -Efficient Relational Symbolic Execution for Spectre with Haunted RelSE. NDSS 2021 - Network and Distributed Systems Security, 2021, Virtual, France. ⟨10.14722/ndss.2021.24286⟩. ⟨hal-03363263⟩

Share

Metrics

Record views

100

Files downloads

173