Paper accepted at IEEE S&P 2022

10 December 2021

Our paper Cats vs. Spectre: An Axiomatic Approach to Modeling Speculative Execution Attacks will appear at IEEE S&P 2022 (Oakland) in San Francisco. The paper demonstrates how you can use models in the CAT language to detect code vulnerable to Spectre-PHT, Spectre-STL, predictive store forwarding, and memory ordering machine clears.

Abstract

The Spectre family of speculative execution attacks has required a rethinking of formal methods for security. Approaches based on operational speculative semantics have made initial inroads towards finding vulnerable code and validating defenses. However, with each new attack grows the amount of microarchitectural detail that has to be integrated into the underlying semantics. We propose an alternative, light-weight and axiomatic approach to specifying speculative semantics that relies on insights from memory models for concurrency. We use the CAT modeling language for memory consistency to specify execution models that capture speculative control flow, store-to-load forwarding, predictive store forwarding, and memory ordering machine clears. We present a bounded model checking framework parameterized by our speculative CAT models and evaluate its implementation against the state of the art. Due to the axiomatic approach, our models can be rapidly extended to allow our framework to detect new types of attacks and validate defenses against them.

Aktuelles

Our Group is Moving to LMU Munich!

Beginning April 2023, our group moves to LMU Munich to form the Chair of Programming Languages and Artificial Intelligence.

Paper accepted at IEEE S&P 2023

Our paper "XFL: Naming Functions in Binaries with Extreme Multi-label Learning" will appear at IEEE S&P 2023 (Oakland) in San Francisco.

Welcome Sebastian!

Sebastian Jänich joined the lab as a new PhD student on the ForDaySec project. Sebastian will be developing methods for identifying and patching vulnerabilities in the firmware of devices in the Internet of Things. Welcome Sebastian!

ForDaySec Project Started

The ForDaySec research network on secure everyday digitization has officially launched. Apply now as a PhD student or Postdoc to contribute in the area of firmware analysis and patching.

Welcome Matías!

Matías Federico Gobbi has joined the PATCH lab as a new PhD student. Matías's work will focus on static analysis for detecting suspicious modifications of source code.

DEMISEC Project Officially Started

The project "DEMISEC: Detection of Malicious Implants in Source Code" has officially started. We have two open positions for PhD/postdocs related to the project.