Paper Info
Title
oo7: Low-overhead Defense against Spectre Attacks via Binary Analysis.
Abstract
The Spectre vulnerability in modern processors has been widely reported. The key insight in this vulnerability is that speculative execution in processors can be misused to access secrets speculatively. Subsequently even though the speculatively executed instructions are squashed, the secret may linger in micro-architectural states such as cache, and can potentially be accessed by an attacker via side channels. We propose oo7, a static analysis approach that can mitigate Spectre attacks by detecting potentially vulnerable code snippets in program binaries and protecting them against the attack. We employ control flow extraction, taint analysis and address analysis to detect tainted conditional branches and speculative memory accesses. oo7 can detect all fifteen purpose-built Spectre-vulnerable code patterns [1], whereas Microsoft compiler with Spectre mitigation option can only detect two of them. We also report the results of a large-scale study on applying oo7 to over 500 program binaries (average binary size 261 KB) from different real-world projects. We protect programs against Spectre attack by selectively inserting fences only at vulnerable conditional branches to prevent speculative execution. Our approach is experimentally observed to incur around 4% performance overheads on SPECint 2006 benchmarks. Finally, we demonstrate that our approach is flexible and can be tuned to detect many other emerging Spectre variants, as well as Meltdown and Foreshadow attacks.
Year
Venue
Field
2018
arXiv: Cryptography and Security
Computer security,Cache,Speculative execution,Computer science,Static analysis,Control flow,Communication channel,Compiler,SPECint,Taint checking
DocType
Volume
Citations 
Journal
abs/1807.05843
0
PageRank 
References 
Authors
0.34
15
5
Name
Order
Citations
PageRank
Guanhua Wang141.09
Sudipta Chattopadhyay227721.09
Ivan Gotovchits300.34
Tulika Mitra42714135.99
Abhik Roychoudhury52449122.18