Defense against Micro-architecture Level Transient Execution-based Attacks via Program Analysis
Dr Abhik Roychoudhury, Provost'S Chair Professor, School of Computing
COM1 Level 3
MR1, COM1-03-19
Abstract:
Modern processors rely on micro-architectural optimizations predicting or re-ordering the instruction stream to improve performance. These optimizations may introduce security issues in the intermediate state of the execution. Spectre and Meltdown attacks disclosed in early 2018 exposed the data leakage scenario in transient execution of the processor. The key insight into these vulnerabilities is that transient execution in processors can be misused to access the secrets. One typical transient execution-based vulnerability is Spectre introduced by the branch misprediction. Most Spectre attacks rely on the vulnerable code in the victim program. If the Spectre-vulnerable code is accessed on speculative execution paths, it exposes security issues such as data leakage. Theoretically, program analysis can verify whether a program contains the Spectre vulnerable code. However, the traditional program analysis does not consider the vulnerabilities in the speculative paths.
To address this issue, we present two novel program analysis methods to detect, verify or fix the Spectre vulnerabilities. Firstly, we propose a static analysis-based comprehensive and scalable solution oo7. oo7 employs control flow extraction, taint analysis and address analysis at the binary level to efficiently detect the Spectre vulnerabilities. Moreover, oo7 can fix the detected vulnerabilities with negligible performance overhead. Secondly, as for more accurate analysis results, we propose a symbolic execution-based solution KLEESpectre, which can provide a reliable testing engine to detect the data leakage during speculative execution. The symbolic cache model of KLEESpectre can further verify whether the sensitive data leakage can be observed by an attacker at a given program point. In these two solutions, we bring hardware features into the program analysis and detect the program vulnerability introduced by the hardware security weakness before the program runs on the hardware.