Publications

Lost and Found in Speculation: Hybrid Speculative Vulnerability Detection

Author: Rostami, Mohamadreza; Zeitouni, Shaza; Kande, Rahul; Chen, Chen; Mahmoody, Pouya; Rajendran, Jeyavijayan; Sadeghi, Ahmad-Reza
Date: 2024
Type: Conference Proceedings
Abstract: Microarchitectural attacks represent a challenging and persistent threat to modern processors, exploiting inherent design vulnerabilities in processors to leak sensitive information or compromise systems. Of particular concern is the susceptibility of Speculative Execution, a fundamental part of performance enhancement, to such attacks. We introduce Specure, a novel pre-silicon verification method composing hardware fuzzing with Information Flow Tracking (IFT) to address speculative execution leakages. Integrating IFT enables two significant and non-trivial enhancements over the existing fuzzing approaches: i) automatic detection of microarchitectural information leakage vulnerabilities without a golden model and ii) a novel Leakage Path coverage metric for efficient vulnerability detection. Specure identifies previously overlooked speculative execution vulnerabilities on the RISC-V BOOM processor and explores the vulnerability search space 6.45× faster than existing fuzzing techniques. Moreover, Specure detected known vulnerabilities 20× faster.
Conference: 61st ACM/IEEE Design Automation Conference
ISBN: 9798400706011
Series: DAC '24
In: Proceedings of the 61st ACM/IEEE Design Automation Conference
Publisher: Association for Computing Machinery
URL: https://tubiblio.ulb.tu-darmstadt.de/id/eprint/153396