Spectector: Principled detection of speculative information flows

M Guarnieri, B Köpf, JF Morales… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Since the advent of Spectre, a number of counter-measures have been proposed and
deployed. Rigorously reasoning about their effectiveness, however, requires a well-defined …

Binsec/rel: Efficient relational symbolic execution for constant-time at binary-level

LA Daniel, S Bardin, T Rezk - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
The constant-time programming discipline (CT) is an efficient countermeasure against timing
side-channel attacks, requiring the control flow and the memory accesses to be independent …

Casa: End-to-end quantitative security analysis of randomly mapped caches

T Bourgeat, J Drean, Y Yang, L Tsai… - 2020 53rd Annual …, 2020 - ieeexplore.ieee.org
It is well known that there are micro-architectural vulnerabilities that enable an attacker to
use caches to exfiltrate secrets from a victim. These vulnerabilities exploit the fact that the …

Composable Cachelets: Protecting Enclaves from Cache Side-Channel Attacks

D Townley, K Arıkan, YD Liu, D Ponomarev… - 31st USENIX Security …, 2022 - usenix.org
The security of isolated execution architectures such as Intel SGX has been significantly
threatened by the recent emergence of side-channel attacks. Cache side-channel attacks …

Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE

LA Daniel, S Bardin, T Rezk - NDSS 2021-Network and Distributed …, 2021 - inria.hal.science
Spectre are microarchitectural attacks which were made public in January 2018. They allow
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …

SpecuSym: Speculative symbolic execution for cache timing leak detection

S Guo, Y Chen, P Li, Y Cheng, H Wang, M Wu… - Proceedings of the ACM …, 2020 - dl.acm.org
CPU cache is a limited but crucial storage component in modern processors, whereas the
cache timing side-channel may inadvertently leak information through the physically …

Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications

J Wichelmann, F Sieck, A Pätschke… - Proceedings of the 2022 …, 2022 - dl.acm.org
Secret-dependent timing behavior in cryptographic implementations has resulted in
exploitable vulnerabilities, undermining their security. Over the years, numerous tools to …

ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems

C Yagemann, M Pruett, SP Chung, K Bittick… - 30th USENIX Security …, 2021 - usenix.org
End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to
symptoms of a possible attack. Unfortunately, the symptom (e.g., invalid control transfer) may …

KLEESpectre: Detecting information leakage through speculative cache attacks via symbolic execution

G Wang, S Chattopadhyay, AK Biswas, T Mitra… - ACM Transactions on …, 2020 - dl.acm.org
Spectre-style attacks disclosed in early 2018 expose data leakage scenarios via cache side
channels. Specifically, speculatively executed paths due to branch mis-prediction may bring …

Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions

J Hofmann, E Vannacci, C Fournet, B Köpf… - 32nd USENIX Security …, 2023 - usenix.org
Microarchitectural leakage models provide effective tools to prevent vulnerabilities such as
Spectre and Meltdown via secure co-design: For software, they provide a foundation for …