Cats vs. Spectre: An Axiomatic Approach to Modelling Speculative Execution Attacks

December 15, 2021

Hernan Ponce de Leon


Cats vs. Spectre: An Axiomatic Approach to Modelling Speculative Execution Attacks

Time:   11:00am
Location:   Meeting room 302
Virtual transmission:   Zoom3 https://zoom.us/j/3911012202
Pass:   5551337

The Spectre family of speculative execution attacks have required a rethinking of formal methods for security. Approaches based on operational speculative semantics have made initial inroads towards finding vulnerable code and validating defenses. However, with each new attack grows the amount of microarchitectural detail that has to be integrated into the underlying semantics. We propose an alternative, light-weight and axiomatic approach to specifying speculative semantics that relies on insights from memory models for concurrency. We use the CAT modeling language for memory consistency to specify execution models that capture speculative control flow, store-to-load forwarding, predictive store forwarding, and memory ordering machine clears. We present a bounded model checking framework parametrized by our speculative CAT models and evaluate its implementation against the state of the art. Due to the axiomatic approach, our models can be rapidly extended to allow our framework to detect new types of attacks and validate defenses against them.