Automatic and Incremental Repair for Speculative Information Leaks

Joachim Bard, Swen Jacobs, Yakir Vizel

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We present CureSpec, the first model-checking based framework for automatic repair of programs with respect to information leaks in the presence of side-channels and speculative execution. CureSpec is based on formal models of attacker capabilities, including observable side channels, inspired by the Spectre-PHT attacks. For a given attacker model, CureSpec is able to either prove that the program is secure, or detect potential side-channel vulnerabilities and automatically insert mitigations such that the resulting code is provably secure. Moreover, CureSpec can provide a certificate for the security of the program that can be independently checked. We have implemented CureSpec in the SeaHorn framework and show that it can effectively repair security-critical code, for example the AES encryption from the OpenSSL library.

Original languageEnglish
Title of host publicationVerification, Model Checking, and Abstract Interpretation - 25th International Conference, VMCAI 2024, Proceedings
EditorsRayna Dimitrova, Ori Lahav, Sebastian Wolff
PublisherSpringer Science and Business Media Deutschland GmbH
Pages291-313
Number of pages23
ISBN (Print)9783031505201
DOIs
StatePublished - 2024
Event25th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2024 was co-located with 51st ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2024 - London, United Kingdom
Duration: 15 Jan 202416 Jan 2024

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14500 LNCS

Conference

Conference25th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2024 was co-located with 51st ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2024
Country/TerritoryUnited Kingdom
CityLondon
Period15/01/2416/01/24

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Automatic and Incremental Repair for Speculative Information Leaks'. Together they form a unique fingerprint.

Cite this