TY - GEN
T1 - Automatic and Incremental Repair for Speculative Information Leaks
AU - Bard, Joachim
AU - Jacobs, Swen
AU - Vizel, Yakir
N1 - Publisher Copyright: © 2024, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2024
Y1 - 2024
N2 - We present CureSpec, the first model-checking based framework for automatic repair of programs with respect to information leaks in the presence of side-channels and speculative execution. CureSpec is based on formal models of attacker capabilities, including observable side channels, inspired by the Spectre-PHT attacks. For a given attacker model, CureSpec is able to either prove that the program is secure, or detect potential side-channel vulnerabilities and automatically insert mitigations such that the resulting code is provably secure. Moreover, CureSpec can provide a certificate for the security of the program that can be independently checked. We have implemented CureSpec in the SeaHorn framework and show that it can effectively repair security-critical code, for example the AES encryption from the OpenSSL library.
AB - We present CureSpec, the first model-checking based framework for automatic repair of programs with respect to information leaks in the presence of side-channels and speculative execution. CureSpec is based on formal models of attacker capabilities, including observable side channels, inspired by the Spectre-PHT attacks. For a given attacker model, CureSpec is able to either prove that the program is secure, or detect potential side-channel vulnerabilities and automatically insert mitigations such that the resulting code is provably secure. Moreover, CureSpec can provide a certificate for the security of the program that can be independently checked. We have implemented CureSpec in the SeaHorn framework and show that it can effectively repair security-critical code, for example the AES encryption from the OpenSSL library.
UR - http://www.scopus.com/inward/record.url?scp=85181985206&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-50521-8_14
DO - 10.1007/978-3-031-50521-8_14
M3 - منشور من مؤتمر
SN - 9783031505201
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 291
EP - 313
BT - Verification, Model Checking, and Abstract Interpretation - 25th International Conference, VMCAI 2024, Proceedings
A2 - Dimitrova, Rayna
A2 - Lahav, Ori
A2 - Wolff, Sebastian
PB - Springer Science and Business Media Deutschland GmbH
T2 - 25th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2024 was co-located with 51st ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2024
Y2 - 15 January 2024 through 16 January 2024
ER -