Marco Guarnieri: “Using Spectector, we detected subtle bugs in the way countermeasures against speculative execution attacks are placed by major compilers”

Marco Guarnieri: “Using Spectector, we detected subtle bugs in the way countermeasures against speculative execution attacks are placed by major compilers”

December 27, 2019

Research results

Micro-architectural attacks, like the recently discovered Spectre and Meltdown attacks, exploit critical vulnerabilities in modern processors to compromise a system’s security.

These attacks affect all modern general-purpose processors (such as those used in our computers). Concretely, they can bypass common security defenses at the software level by exploiting hardware side-effects.

In Marco Guarnieri research, he developed tools for better understanding how micro-architectural attacks work. He then leverages this understanding to design new defense techniques against these attacks.

As a concrete example, Marco Guarnieri, José F. Morales and Andrés Sánchez, from the IMDEA Software Institute, Boris Köpf, from Microsoft Research, and Jan Reineke, from Saarland University recently developed SPECTECTOR, an automated technique for determining whether programs are vulnerable to a specific class of micro-architectural attacks called speculative execution attacks.

“Using Spectector, we detected subtle bugs in the way countermeasures against speculative execution attacks are placed by major compilers. These bugs may result in insecure programs or inefficient programs” ended Marco.