Speculative Taint Tracking (and a formal analysis of its protection for speculatively-accessed data)

Artem Khyzha

Speculative execution attacks, such as Spectre, present an enormous security threat, capable of reading arbitrary program data under malicious speculation and later exfiltrating that data over microarchitectural covert channels. This talk will present Speculative Taint Tracking (STT), a comprehensive hardware protection from speculative execution attacks. STT is based on the observation that it is safe to execute and selectively forward the results of speculative instructions that read secrets as long as the STT protection can ensure that the forwarded results do not reach potential covert channels. For performance, STT efficiently disables protection on previously protected data, as soon as doing so is safe. In the talk, we will discuss the security guarantees that STT provides, i.e., enforcement of a novel notion of non-interference appropriate for speculative execution attacks.

---

Previous: Wytse Oortwijn | Model-Based Program Verification
Next: Soham Chakraborty | Relaxed Memory Concurrency and Compiler Correctness