Short Paper: Static and Microarchitectural ML-Based Approaches For Detecting Spectre Vulnerabilities and Attacks

TL;DR

This paper evaluates static and microarchitectural machine learning methods for detecting Spectre vulnerabilities and attacks, aiming to improve detection beyond current reactive techniques.

Contribution

It provides the first comprehensive comparison of static and microarchitectural ML-based approaches for proactive and reactive Spectre threat detection.

Findings

Static analysis can identify vulnerable code snippets effectively.

Microarchitectural features improve attack detection accuracy.

Trade-offs exist between detection speed and accuracy.

Abstract

Spectre intrusions exploit speculative execution design vulnerabilities in modern processors. The attacks violate the principles of isolation in programs to gain unauthorized private user information. Current state-of-the-art detection techniques utilize micro-architectural features or vulnerable speculative code to detect these threats. However, these techniques are insufficient as Spectre attacks have proven to be more stealthy with recently discovered variants that bypass current mitigation mechanisms. Side-channels generate distinct patterns in processor cache, and sensitive information leakage is dependent on source code vulnerable to Spectre attacks, where an adversary uses these vulnerabilities, such as branch prediction, which causes a data breach. Previous studies predominantly approach the detection of Spectre attacks using the microarchitectural analysis, a reactive approach. Hence, in this paper, we present the first comprehensive evaluation of static and microarchitectural analysis-assisted machine learning approaches to detect Spectre vulnerable code snippets (preventive) and Spectre attacks (reactive). We evaluate the performance trade-offs in employing classifiers for detecting Spectre vulnerabilities and attacks.