SPECTECTOR: Principled Detection of Speculative Information Flows
share
Since the advent of SPECTRE, a number of countermeasures have been proposed and deployed. Rigorously reasoning about their effectiveness, however, requires a well-defined notion of security against speculative execution attacks, which has been missing until now. We present a novel, principled approach for reasoning about software defenses against SPECTRE-style attacks. Our approach builds on speculative non-interference, the first semantic notion of security against speculative execution attacks. We develop SPECTECTOR, an algorithm based on symbolic execution for automatically proving speculative non-interference, or detecting violations. We implement SPECTECTOR in a tool, and we use it to detect subtle leaks -- and optimizations opportunities -- in the way major compilers place SPECTRE countermeasures.
READ FULL TEXT