TL;DR
This paper introduces a formal framework for hardware-software contracts that enable secure speculation, balancing security guarantees and performance, and facilitating principled co-design of hardware and software defenses against Spectre-like vulnerabilities.
Contribution
It provides the first formalization of hardware-software contracts for secure speculation, enabling comparison of hardware mechanisms and verification of security properties in software.
Findings
Formalized security guarantees for secure speculation mechanisms
Characterized program properties for secure co-design scenarios
Validated properties using existing software verification tools
Abstract
Since the discovery of Spectre, a large number of hardware mechanisms for secure speculation has been proposed. Intuitively, more defensive mechanisms are less efficient but can securely execute a larger class of programs, while more permissive mechanisms may offer more performance but require more defensive programming. Unfortunately, there are no hardware-software contracts that would turn this intuition into a basis for principled co-design. In this paper, we put forward a framework for specifying such contracts, and we demonstrate its expressiveness and flexibility. On the hardware side, we use the framework to provide the first formalization and comparison of the security guarantees provided by a representative class of mechanisms for secure speculation. On the software side, we use the framework to characterize program properties that guarantee secure co-design in two scenarios…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
