Sat 22 Jan 2022 10:45 - 11:10 at Independence - Attacks and defenses Chair(s): Jonathan Protzenko

Since the initial disclosure of Spectre and Meltdown, speculative execution attack strategies have become one of the principal focus areas of security research. To defend against universal read gadgets in Spectre-PHT, there are proposals to use hardware extensions that enforce memory safety during speculative execution, which helps protect victims from such gadgets. However, memory safety techniques cannot stop all Spectre-PHT variants, since not all variants rely on memory safety violations. Understanding the gaps between memory safety and speculation safety is crucial for enhancing memory safety techniques to defend against all Spectre-PHT variants with low execution overhead. Therefore, we conduct a study of the residual Spectre-PHT vulnerabilities that remain after applying memory safety techniques. We found that most residual vulnerabilities are caused by type confusion and temporal memory safety violations.

10:20 - 11:35
Attacks and defenses - PriSC at Independence
Chair(s): Jonathan Protzenko Microsoft Research, Redmond
10:20
25m
Talk
Type-directed Program Transformation for Constant-Time Enforcement (Remote)
PriSC
10:45
25m
Talk
Towards Understanding Spectre-PHT in Memory-Safe Languages (Remote)
PriSC
Zirui Neil Zhao University of Illinois at Urbana-Champaign, Fangfei Liu Intel Corporation, Scott Constable Intel Corporation, Carlos Rozas Intel Corporation
11:10
25m
Talk
Synthesizing Evidence of Emergent Computation (Remote)
PriSC
Scott Moore Galois, Inc., Jennifer Paykin Galois, Inc., Olivier Savary Bélanger Galois, Inc.