Efficient Information-Flow Verification Under Speculative Execution

Roderick Bloem, Swen Jacobs, Yakir Vizel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We study the formal verification of information-flow properties in the presence of speculative execution and side-channels. First, we present a formal model of speculative execution semantics. This model can be parameterized by the depth of speculative execution and is amenable to a range of verification techniques. Second, we introduce a novel notion of information leakage under speculation, which is parameterized by the information that is available to an attacker through side-channels. Finally, we present one verification technique that uses our formalism and can be used to detect information leaks under speculation through cache side-channels, and can decide whether these are only possible under speculative execution. We implemented an instance of this verification technique that combines taint analysis and safety model checking. We evaluated this approach on a range of examples that have been proposed as benchmarks for mitigations of the Spectre vulnerability, and show that our approach correctly identifies all information leaks.

Original language: English
Title of host publication: Automated Technology for Verification and Analysis - 17th International Symposium, ATVA 2019, Proceedings
Editors: Yu-Fang Chen, Chih-Hong Cheng, Javier Esparza
Pages: 499-514
Number of pages: 16
DOIs
State: Published - 2019
Event: 17th International Symposium on Automated Technology for Verification and Analysis, ATVA 2019 - Taipei, Taiwan, Province of China
Duration: 28 Oct 2019 - 31 Oct 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11781 LNCS

Conference

Conference: 17th International Symposium on Automated Technology for Verification and Analysis, ATVA 2019
Country/Territory: Taiwan, Province of China
City: Taipei
Period: 28/10/19 - 31/10/19

Keywords

  • Information flow
  • Side channels
  • Speculative execution
  • Verification

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
