Survey of transient execution attacks and their mitigations
Transient execution attacks, also known as speculative execution attacks, have drawn much
interest in the last few years as they can cause critical data leakage. Since the first …
Axiomatic hardware-software contracts for security
We propose leakage containment models (LCMs), novel axiomatic security contracts which
support formally reasoning about the security guarantees of programs when they run on …
Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel
Due to the high cost of serializing instructions to mitigate Spectre-like attacks on
mispredicted conditional branches (Spectre-PHT), developers of critical software such as the …
Inspectre: Breaking and fixing microarchitectural vulnerabilities by formal analysis
The recent Spectre attacks have demonstrated the fundamental insecurity of current
computer microarchitecture. The attacks use features like pipelining, out-of-order and …
SoK: Practical foundations for software Spectre defenses
S Cauligi, C Disselkoen, D Moghimi… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Spectre vulnerabilities violate our fundamental assumptions about architectural abstractions,
allowing attackers to steal sensitive data despite previously state-of-the-art …
Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions
Microarchitectural leakage models provide effective tools to prevent vulnerabilities such as
Spectre and Meltdown via secure co-design: For software, they provide a foundation for …
Ultimate SLH: Taking Speculative Load Hardening to the Next Level
In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures.
Specifically, we systematically investigate the performance penalty and security properties of …
Automatic detection of speculative execution combinations
Modern processors employ different speculation mechanisms to speculate over different
kinds of instructions. Attackers can exploit these mechanisms simultaneously in order to …
Revizor: Testing black-box CPUs against speculation contracts
Speculative vulnerabilities such as Spectre and Meltdown expose speculative execution
state that can be exploited to leak information across security domains via side-channels …
Hunting the haunter - efficient relational symbolic execution for Spectre with Haunted RelSE
Spectre are microarchitectural attacks which were made public in January 2018. They allow
an attacker to recover secrets by exploiting speculations. Detection of Spectre is particularly …