Spectector: Principled detection of speculative information flows

February 19, 2019

Marco Guarnieri


Spectector: Principled detection of speculative information flows

Time:   10:45am
Location:   Lecture hall 1, level B

Since the advent of Spectre, a number of countermeasures have been proposed and deployed. Rigorously reasoning about their effectiveness, however, requires a well-defined notion of security against speculative execution attacks, which has been missing until now. We present a novel, principled approach for reasoning about software defenses against Spectre-style attacks. Our approach builds on speculative non-interference, the first semantic notion of security against speculative execution attacks. We develop Spectector, an algorithm based on symbolic execution for automatically proving speculative non-interference, or detecting violations. We implement Spectector in a tool, and we use it to detect subtle leaks – and optimizations opportunities – in the way major compilers place Spectre countermeasures.