Serberus: Protecting Cryptographic Code from Spectres at Compile-Time
Nicholas Mosier, Hamed Nemati, John C. Mitchell, Caroline Trippel

TL;DR
Serberus is a comprehensive compile-time mitigation that hardens constant-time cryptographic code against Spectre attacks on existing hardware. It addresses the unsafe code patterns that the constant-time discipline still permits and relies on hardware control-flow integrity protections to restrict transient control flow.
Contribution
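Serberus combines hardware control-flow integrity protections, which restrict transient control flow enough for software analysis to consider it comprehensively, with analysis of taint primitives to mitigate Spectre leakage in constant-time cryptographic implementations.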
Findings
Reduces Spectre-related leakage in cryptographic code
Achieves lower runtime overhead than previous mitigations
Effectively addresses unsafe code patterns in constant-time code
Abstract
We present Serberus, the first comprehensive mitigation for hardening constant-time (CT) code against Spectre attacks (involving the PHT, BTB, RSB, STL and/or PSF speculation primitives) on existing hardware. Serberus is based on three insights. First, some hardware control-flow integrity (CFI) protections restrict transient control-flow to the extent that it may be comprehensively considered by software analyses. Second, conformance to the accepted CT code discipline permits two code patterns that are unsafe in the post-Spectre era. Third, once these code patterns are addressed, all Spectre leakage of secrets in CT programs can be attributed to one of four classes of taint primitives--instructions that can transiently assign a secret value to a publicly-typed register. We evaluate Serberus on cryptographic primitives in the OpenSSL, Libsodium, and HACL* libraries. Serberus introduces…
Taxonomy
Topics: Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security · Radiation Effects in Electronics
