SemPat: From Hyperproperties to Attack Patterns for Scalable Analysis of Microarchitectural Security
Adwait Godbole, Yatin A. Manerkar, and Sanjit A. Seshia. SemPat: From Hyperproperties to Attack Patterns for Scalable Analysis of Microarchitectural Security. In Proceedings of the 31th ACM Conference on Computer and Communications Security (CCS), ACM, 2024.
Download
Abstract
Microarchitectural security verification of software has seen the emergence of two broad classes of approaches. The first uses non-interference-based semantic security properties which are verified for a given program and a given model of the hardware microarchitecture. The second is based on attack patterns, which, if found in a program execution, indicates the presence of an exploit. We observe that while the former uses a formal specification that can capture several gadget variants targeting the same vulnerability, it is limited by the scalability of verification. Patterns, while more scalable, must be currently constructed manually, as they are narrower in scope and sensitive to gadget-specific structure. <p> This work develops a technique that, given a non-interference-based semantic security hyperproperty, automatically generates attack patterns up to a certain complexity parameter (called the skeleton size). Thus, we combine the advantages of both approaches: security can be specified by a hyperproperty that uniformly captures several gadget variants, while automatically generated patterns can be used for scalable verification. We implement our approach in a tool and demonstrate the ability to generate new patterns, (e.g., for SpectreV1, SpectreV4) and improved scalability using the generated patterns over hyperproperty-based verification.
BibTeX
@inproceedings{godbole-ccs24,
author = {Adwait Godbole and
Yatin A. Manerkar and
Sanjit A. Seshia},
title = {SemPat: From Hyperproperties to Attack Patterns for Scalable Analysis of Microarchitectural Security},
booktitle = {Proceedings of the 31th ACM Conference on Computer and Communications Security (CCS)},
OPTpages = {1--10},
publisher = {{ACM}},
year = {2024},
abstract = {Microarchitectural security verification of software has seen the emergence of two broad classes of approaches. The first uses non-interference-based semantic security properties which are verified for a given program and a given model of the hardware microarchitecture. The second is based on attack patterns, which, if found in a program execution, indicates the presence of an exploit. We observe that while the former uses a formal specification that can capture several gadget variants targeting the same vulnerability, it is limited by the scalability of verification. Patterns, while more scalable, must be currently constructed manually, as they are narrower in scope and sensitive to gadget-specific structure.
<p>
This work develops a technique that, given a non-interference-based semantic security hyperproperty, automatically generates attack patterns up to a certain complexity parameter (called the skeleton size). Thus, we combine the advantages of both approaches: security can be specified by a hyperproperty that uniformly captures several gadget variants, while automatically generated patterns can be used for scalable verification. We implement our approach in a tool and demonstrate the ability to generate new patterns, (e.g., for SpectreV1, SpectreV4) and improved scalability using the generated patterns over hyperproperty-based verification.},
}