Write a Blog >>
Sat 25 Jan 2020 10:30 - 10:54 at Rosalie - Foundations and timing channels Chair(s): Marco Vassena

Speculative execution attacks like Spectre can be used to violate confidentiality in all modern general-purpose CPUs. Recently, many compiler-level countermeasures have been proposed to mitigate the impact of Spectre-style attacks. However, the correctness and security of these countermeasures has not been ascertained yet. Even worse, while some of the existing countermeasures seem to be secure, others are known to be insecure and produce vulnerable programs.

In this paper we report on our ongoing effort towards formally reasoning about the effectiveness of these countermeasures. For this, we combine recent frameworks for reasoning about speculative information flows with a secure compilation theory telling that a compiler is secure when it preserves certain classes of (hyper)properties. We argue that Spectre-like attacks arise from violations of \emph{speculative non-interference}, a non-interference-like property. By lifting speculative non-interference to the secure compilation setting, we obtain a precise notion of security against Spectre-style attacks for compiler-level countermeasures. We believe that this criterion is the first step towards formally reasoning about the security of compiler-level countermeasures against Spectre-style attacks, and we discuss our research plan.

Exorcising Spectres with Secure Compilers (exorciseSpectre@prisc_pdf.pdf)9.10MiB

Sat 25 Jan

Displayed time zone: Saskatchewan, Central America change

10:30 - 12:30
Foundations and timing channelsPriSC at Rosalie
Chair(s): Marco Vassena CISPA Helmholtz Center for Information Security
10:30
24m
Talk
Exorcising Spectres with Secure Compilers
PriSC
Marco Patrignani Stanford University & CISPA , Marco Guarnieri IMDEA Software Institute
Media Attached File Attached
10:54
24m
Talk
Trace-Relating Compiler Correctness and Secure Compilation
PriSC
Carmine Abate Inria Paris, Roberto Blanco Inria, Stefan Ciobaca Alexandru Ioan Cuza University of Iasi, Deepak Garg Max Planck Institute for Software Systems, Cătălin Hriţcu Inria Paris, Marco Patrignani Stanford University & CISPA , Éric Tanter University of Chile, Jérémy Thibault Inria Paris
Media Attached File Attached
11:18
24m
Talk
Reconciling progress-insensitive noninterference and declassification
PriSC
Johan Bay Aarhus University, Aslan Askarov Aarhus University
Media Attached File Attached
11:42
24m
Talk
Hermes: Implementing Cryptography without Side-channels
PriSC
Ken Friis Larsen DIKU, University of Copenhagen, Torben Mogensen DIKU, University of Copenhagen, Michael Kirkedal Thomsen DIKU, University of Copenhagen
File Attached
12:06
24m
Talk
A CompCert Compiler that Preserves Cryptographic Constant-time
PriSC
Sandrine Blazy Univ Rennes- IRISA, Rémi Hutin IRISA / ENS Rennes, David Pichardie Univ Rennes, ENS Rennes, IRISA
Media Attached