Enregistré dans:
Détails bibliographiques
Auteurs principaux: Fabian, Xaver, Patrignani, Marco, Guarnieri, Marco, Backes, Michael
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2405.10089
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866915182564868096
author Fabian, Xaver
Patrignani, Marco
Guarnieri, Marco
Backes, Michael
author_facet Fabian, Xaver
Patrignani, Marco
Guarnieri, Marco
Backes, Michael
contents Mainstream compilers implement different countermeasures to prevent specific classes of speculative execution attacks. Unfortunately, these countermeasures either lack formal guarantees or come with proofs restricted to speculative semantics capturing only a subset of the speculation mechanisms supported by modern CPUs, thereby limiting their practical applicability. Ideally, these security proofs should target a speculative semantics capturing the effects of all speculation mechanisms implemented in modern CPUs. However, this is impractical and requires new secure compilation proofs to support additional speculation mechanisms. In this paper, we address this problem by proposing a novel secure compilation framework that allows lifting the security guarantees provided by Spectre countermeasures from weaker speculative semantics (ignoring some speculation mechanisms) to stronger ones (accounting for the omitted mechanisms) without requiring new secure compilation proofs. Using our lifting framework, we performed the most comprehensive security analysis of Spectre countermeasures implemented in mainstream compilers to date. Our analysis spans 9 different countermeasures against 5 classes of Spectre attacks, which we proved secure against a speculative semantics accounting for five different speculation mechanisms.
format Preprint
id arxiv_https___arxiv_org_abs_2405_10089
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Do You Even Lift? Strengthening Compiler Security Guarantees Against Spectre Attacks
Fabian, Xaver
Patrignani, Marco
Guarnieri, Marco
Backes, Michael
Programming Languages
Mainstream compilers implement different countermeasures to prevent specific classes of speculative execution attacks. Unfortunately, these countermeasures either lack formal guarantees or come with proofs restricted to speculative semantics capturing only a subset of the speculation mechanisms supported by modern CPUs, thereby limiting their practical applicability. Ideally, these security proofs should target a speculative semantics capturing the effects of all speculation mechanisms implemented in modern CPUs. However, this is impractical and requires new secure compilation proofs to support additional speculation mechanisms. In this paper, we address this problem by proposing a novel secure compilation framework that allows lifting the security guarantees provided by Spectre countermeasures from weaker speculative semantics (ignoring some speculation mechanisms) to stronger ones (accounting for the omitted mechanisms) without requiring new secure compilation proofs. Using our lifting framework, we performed the most comprehensive security analysis of Spectre countermeasures implemented in mainstream compilers to date. Our analysis spans 9 different countermeasures against 5 classes of Spectre attacks, which we proved secure against a speculative semantics accounting for five different speculation mechanisms.
title Do You Even Lift? Strengthening Compiler Security Guarantees Against Spectre Attacks
topic Programming Languages
url https://arxiv.org/abs/2405.10089