Paper Info
Title
KLEESPECTRE: Detecting Information Leakage through Speculative Cache Attacks via Symbolic Execution
Abstract
Spectre-style attacks disclosed in early 2018 expose data leakage scenarios via cache side channels. Specifically, speculatively executed paths due to branch mis-prediction may bring secret data into the cache, which are then exposed via cache side channels even after the speculative execution is squashed. Symbolic execution is a well-known test generation method to cover program paths at the level of the application software. In this article, we extend symbolic execution with modeling of cache and speculative execution. Our tool KLEESPECTRE, built on top of the KLEE symbolic execution engine, can thus provide a testing engine to check for data leakage through the cache side channel as shown via Spectre attacks. Our symbolic cache model can verify whether the sensitive data leakage due to speculative execution can be observed by an attacker at a given program point. Our experiments show that KLEESPECTRE can effectively detect data leakage along speculatively executed paths and our cache model can make the leakage detection more precise.
Year
DOI
Venue
2020
10.1145/3385897
ACM Transactions on Software Engineering and Methodology
Keywords
DocType
Volume
Spectre attacks,cache side channel,software security,symbolic execution
Journal
29
Issue
ISSN
Citations 
3
1049-331X
3
PageRank 
References 
Authors
0.38
0
5
Name
Order
Citations
PageRank
Wang Guanhua130.38
Sudipta Chattopadhyay227721.09
arnab kumar biswas3294.57
Tulika Mitra42714135.99
Abhik Roychoudhury52449122.18