SPLASH 2021
Sun 17 - Fri 22 October 2021 Chicago, Illinois, United States
Wed 20 Oct 2021 13:50 - 14:05 at Zurich B - Security Chair(s): Yannis Smaragdakis
Wed 20 Oct 2021 21:50 - 22:05 at Zurich B - Security - mirror Chair(s): Chandrakana Nandi

The high-profile Spectre attack and its variants have revealed that speculative execution may
leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data.
However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels.
Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors.
SpecSafe is shown to be both scalable and accurate on
a set of moderately sized benchmarks, including commonly used cryptography libraries.

Wed 20 Oct

Displayed time zone: Central Time (US & Canada) change

13:50 - 15:10
SecurityOOPSLA at Zurich B +8h
Chair(s): Yannis Smaragdakis University of Athens
13:50
15m
Talk
SpecSafe: Detecting Cache Side Channels in a Speculative WorldVirtual
OOPSLA
Robert Brotzman-Smith Pennsylvania State University, Danfeng Zhang Pennsylvania State University, Mahmut Taylan Kandemir Pennsylvania State University, Gang Tan Pennsylvania State University
DOI
14:05
15m
Talk
Interpretable Noninterference Measurement and Its Application to Processor DesignsVirtual
OOPSLA
Ziqiao Zhou Microsoft Research, Michael K. Reiter Duke University
DOI
14:20
15m
Talk
Reconciling Optimization with Secure CompilationVirtual
OOPSLA
Son Tuan Vu Sorbonne University; CNRS; LIP6, Albert Cohen Google, Arnaud de Grandmaison ARM, Christophe Guillon STMicroelectronics, Karine Heydemann Sorbonne University; CNRS; LIP6
DOI
14:35
15m
Talk
Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget SetsIn-Person
OOPSLA
Michael D. Brown Georgia Institute of Technology, Matthew Pruett Georgia Institute of Technology, Robert Bigelow Georgia Institute of Technology, Girish Mururu Georgia Institute of Technology, Santosh Pande Georgia Institute of Technology
DOI
14:50
20m
Live Q&A
Discussion, Questions and Answers
OOPSLA

21:50 - 23:10
Security - mirrorOOPSLA at Zurich B
Chair(s): Chandrakana Nandi Certora, inc.
21:50
15m
Talk
SpecSafe: Detecting Cache Side Channels in a Speculative WorldVirtual
OOPSLA
Robert Brotzman-Smith Pennsylvania State University, Danfeng Zhang Pennsylvania State University, Mahmut Taylan Kandemir Pennsylvania State University, Gang Tan Pennsylvania State University
DOI
22:05
15m
Talk
Interpretable Noninterference Measurement and Its Application to Processor DesignsVirtual
OOPSLA
Ziqiao Zhou Microsoft Research, Michael K. Reiter Duke University
DOI
22:20
15m
Talk
Reconciling Optimization with Secure CompilationVirtual
OOPSLA
Son Tuan Vu Sorbonne University; CNRS; LIP6, Albert Cohen Google, Arnaud de Grandmaison ARM, Christophe Guillon STMicroelectronics, Karine Heydemann Sorbonne University; CNRS; LIP6
DOI
22:35
15m
Talk
Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget SetsIn-Person
OOPSLA
Michael D. Brown Georgia Institute of Technology, Matthew Pruett Georgia Institute of Technology, Robert Bigelow Georgia Institute of Technology, Girish Mururu Georgia Institute of Technology, Santosh Pande Georgia Institute of Technology
DOI
22:50
20m
Live Q&A
Discussion, Questions and Answers
OOPSLA