We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Specognitor: Identifying Spectre Vulnerabilities via Prediction-Aware Symbolic Execution

Authors: Ali Sahraee
Abstract: Spectre attacks exploit speculative execution to leak sensitive information. In the last few years, a number of static side-channel detectors have been proposed to detect cache leakage in the presence of speculative execution. However, these techniques either ignore branch prediction mechanism, detect static pre-defined patterns which is not suitable for detecting new patterns, or lead to false negatives.
In this paper, we illustrate the weakness of prediction-agnostic state-of-the-art approaches. We propose Specognitor, a novel prediction-aware symbolic execution engine to soundly explore program paths and detect subtle spectre variant 1 and variant 2 vulnerabilities. We propose a dynamic pattern detection mechanism to account for both existing and future vulnerabilities. Our experimental results show the effectiveness and efficiency of Specognitor in analyzing real-world cryptographic programs w.r.t. different processor families.
Subjects: Cryptography and Security (cs.CR); Hardware Architecture (cs.AR); Symbolic Computation (cs.SC); Software Engineering (cs.SE)
Cite as: arXiv:2211.13526 [cs.CR]
  (or arXiv:2211.13526v1 [cs.CR] for this version)

Submission history

From: Ali Sahraee [view email]
[v1] Thu, 24 Nov 2022 10:46:23 GMT (2124kb,D)

Link back to: arXiv, form interface, contact.