Declassiflow: A Static Analysis for Modeling Non-Speculative Knowledge to Relax Speculative Execution Security Measures

Rutvik Choudhary, Alan Wang, Zirui Neil Zhao, Adam Morrison, Christopher W. Fletcher

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Speculative execution attacks undermine the security of constant-time programming, the standard technique used to prevent microarchitectural side channels in security-sensitive software such as cryptographic code. Constant-time code must therefore also deploy a defense against speculative execution attacks to prevent leakage of secret data stored in memory or the processor registers. Unfortunately, contemporary defenses, such as speculative load hardening (SLH), can only satisfy this strong security guarantee at a very high performance cost. This paper proposes Declassiflow, a static program analysis and protection framework to efficiently protect constant-time code from speculative leakage. Declassiflow models “attacker knowledge”-data which is inherently transmitted (or, implicitly declassified) by the code's non-speculative execution-and statically removes protection on such data from points in the program where it is already guaranteed to leak non-speculatively. Overall, Declassiflow ensures that data which never leaks during the non-speculative execution does not leak during speculative execution, but with lower overhead than conservative protections like SLH.

Original languageEnglish
Title of host publicationCCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages2053-2067
Number of pages15
ISBN (Electronic)9798400700507
DOIs
StatePublished - 15 Nov 2023
Event30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark
Duration: 26 Nov 202330 Nov 2023

Publication series

NameCCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Country/TerritoryDenmark
CityCopenhagen
Period26/11/2330/11/23

Funding

FundersFunder number
National Science Foundation1954521, 2154183, 1942888

    Keywords

    • Software-based defense
    • Speculative execution attacks
    • Static analysis

    Fingerprint

    Dive into the research topics of 'Declassiflow: A Static Analysis for Modeling Non-Speculative Knowledge to Relax Speculative Execution Security Measures'. Together they form a unique fingerprint.

    Cite this