RETBLEED: Arbitrary speculative code execution with return instructions

J Wikner, K Razavi - … USENIX Security Symposium (USENIX Security 22 …, 2022 - usenix.org
Modern operating systems rely on software defenses against hardware attacks. These
defenses are, however, as good as the assumptions they make on the underlying hardware …

Axiomatic hardware-software contracts for security

N Mosier, H Lachnitt, H Nemati, C Trippel - Proceedings of the 49th …, 2022 - dl.acm.org
We propose leakage containment models (LCMs)---novel axiomatic security contracts which
support formally reasoning about the security guarantees of programs when they run on …

SpecFuzz: Bringing spectre-type vulnerabilities to the surface

O Oleksenko, B Trach, M Silberstein… - 29th USENIX Security …, 2020 - usenix.org
SpecFuzz is the first tool that enables dynamic testing for speculative execution
vulnerabilities (e.g., Spectre). The key is a novel concept of speculation exposure: The …

SoK: Practical foundations for software Spectre defenses

S Cauligi, C Disselkoen, D Moghimi… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Spectre vulnerabilities violate our fundamental assumptions about architectural abstractions,
allowing attackers to steal sensitive data despite previously state-of-the-art …

Phantom: Exploiting decoder-detectable mispredictions

J Wikner, D Trujillo, K Razavi - Proceedings of the 56th Annual IEEE …, 2023 - dl.acm.org
Violating the Von Neumann sequential processing principle at the microarchitectural level is
commonplace to reach high performing CPU hardware—violations are safe as long as …

Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions

J Hofmann, E Vannacci, C Fournet, B Köpf… - 32nd USENIX Security …, 2023 - usenix.org
Microarchitectural leakage models provide effective tools to prevent vulnerabilities such as
Spectre and Meltdown via secure co-design: For software, they provide a foundation for …

Ultimate SLH: Taking Speculative Load Hardening to the Next Level

Z Zhang, G Barthe, C Chuengsatiansup… - 32nd USENIX Security …, 2023 - usenix.org
In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures.
Specifically, we systematically investigate the performance penalty and security properties of …

Automatic detection of speculative execution combinations

X Fabian, M Guarnieri, M Patrignani - Proceedings of the 2022 ACM …, 2022 - dl.acm.org
Modern processors employ different speculation mechanisms to speculate over different
kinds of instructions. Attackers can exploit these mechanisms simultaneously in order to …

Hunting the haunter - efficient relational symbolic execution for Spectre with haunted RelSE

LA Daniel, S Bardin, T Rezk - NDSS 2021-Network and Distributed …, 2021 - inria.hal.science
Spectre are microarchitectural attacks which were made public in January 2018. They allow
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …

High-assurance cryptography in the spectre era

G Barthe, S Cauligi, B Grégoire… - … IEEE Symposium on …, 2021 - ieeexplore.ieee.org
High-assurance cryptography leverages methods from program verification and
cryptography engineering to deliver efficient cryptographic software with machine-checked …