Reasoning about speculative execution attacks

Dec 12, 2018

Speculative execution attacks, like the recent Spectre attacks, exploit the persistent microarchitectural side-effects of speculatively executed instructions. These attacks affect all modern general-purpose CPUs and pose a serious threat against platforms with multiple tenants. However, we still lack a precise characterization of security against speculative execution attacks. Such a characterization is a prerequisite for reasoning about the effectiveness and security of countermeasures.

Goals

This project’s goals are (1) building the theoretical foundations for reasoning about speculative execution attacks, (2) developing techniques for detecting speculative leaks (or prove their absence), and (3) analyzing the security of (hardware and software) Spectre’s countermeasures.

Security Micro-architectural attacks

Marco Guarnieri

Assistant professor

My research focuses on the design, analysis, and implementation of secure systems.

Publications

Automatic Detection of Speculative Execution Combinations

Modern processors employ different speculation mechanisms to speculate over different kinds of instructions. Attackers can exploit …

Xaver Fabian, Marco Patrignani, Marco Guarnieri

Hardware-Software Contracts for Secure Speculation

Since the discovery of Spectre, a large number of hardware mechanisms for secure speculation have been proposed. Intuitively, more …

Marco Guarnieri, Boris Köpf, Jan Reineke, Pepe Vila

Exorcising Spectres with Secure Compilers

Attackers can access sensitive information of programs by exploiting the side-effects of speculatively-executed instructions using …

Marco Patrignani, Marco Guarnieri

SPECTECTOR: Principled detection of speculative information flows

Since the advent of SPECTRE, a number of countermeasures have been proposed and deployed. Rigorously reasoning about their …

Marco Guarnieri, Boris Köpf, José F. Morales, Jan Reineke, Andrés Sánchez