KLEESpectre

Author:

Wang Guanhua¹, Chattopadhyay Sudipta², Biswas Arnab Kumar¹, Mitra Tulika¹, Roychoudhury Abhik¹

Affiliation:

1. National University of Singapore, Singapore

2. Singapore University of Technology and Design, Singapore

Abstract

Spectre-style attacks disclosed in early 2018 expose data leakage scenarios via cache side channels. Specifically, speculatively executed paths due to branch mis-prediction may bring secret data into the cache, which are then exposed via cache side channels even after the speculative execution is squashed. Symbolic execution is a well-known test generation method to cover program paths at the level of the application software. In this article, we extend symbolic execution with modeling of cache and speculative execution. Our tool KLEESpectre, built on top of the KLEE symbolic execution engine, can thus provide a testing engine to check for data leakage through the cache side channel as shown via Spectre attacks. Our symbolic cache model can verify whether the sensitive data leakage due to speculative execution can be observed by an attacker at a given program point. Our experiments show that KLEESpectre can effectively detect data leakage along speculatively executed paths and our cache model can make the leakage detection more precise.

Funder

Prime Minister’s Office

National Cybersecurity R&D Program

National Cybersecurity R&D Directorate

National Research Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

Software


Cited by 21 articles.

1. Towards Efficient Verification of Constant-Time Cryptographic Implementations;Proceedings of the ACM on Software Engineering;2024-07-12

2. Beyond Over-Protection: A Targeted Approach to Spectre Mitigation and Performance Optimization;Proceedings of the 19th ACM Asia Conference on Computer and Communications Security;2024-07

3. Serberus: Protecting Cryptographic Code from Spectres at Compile-Time;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

4. Modeling, Derivation, and Automated Analysis of Branch Predictor Security Vulnerabilities;2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA);2024-03-02

5. ZeroLeak: Automated Side-Channel Patching in Source Code Using LLMs;Lecture Notes in Computer Science;2024
