Presentation

Lost and Found in Speculation: Hybrid Speculative Vulnerability Detection
Description
Microarchitectural attacks represent a challenging and persistent threat to modern processors, exploiting inherent design vulnerabilities to leak sensitive information or compromise systems. Of particular concern is the susceptibility of speculative execution, a fundamental part of performance enhancement, to such attacks.
We introduce Specure, a novel pre-silicon verification method that combines hardware fuzzing with Information Flow Tracking (IFT) to address speculative execution leakages. Integrating IFT enables two significant and non-trivial enhancements over existing fuzzing approaches: i) automatic detection of microarchitectural information leakage vulnerabilities without a golden model and ii) a novel Leakage Path coverage metric for efficient vulnerability detection. Specure identifies previously overlooked speculative execution vulnerabilities on the RISC-V BOOM processor and explores the vulnerability search space 6.45× faster than existing fuzzing techniques. Moreover, Specure detected known vulnerabilities 20× faster.
Event Type
Research Manuscript
Time
Thursday, June 27, 10:48am - 11:06am PDT
Location
3008, 3rd Floor
Topics
Security
Keywords
Hardware Security: Primitives, Architecture, Design & Test