Tutorial

Hardware-Software Leakage Contracts for Side-Channel Security

on Mon, 9:00in Room 402for 90min on Mon, 11:00in Room 402for 90min on Tue, 9:00in Room 402for 90min on Tue, 11:00in Room 402for 90min

Abstract

Microarchitectural attacks such as Spectre and Meltdown compromise security by exploiting software-visible artifacts of microarchitectural optimizations like caches and speculative execution. To use modern hardware securely, programmers must be aware of the security implications of these optimizations. Unfortunately, instruction set architectures (ISAs), the traditional abstraction layer between hardware and software, are an inadequate basis for secure programming: they fully abstract away microarchitectural details and thus fail to capture their security implications.

To enable the principled construction of secure software systems on top of modern hardware, we propose a new security abstraction at the ISA level: hardware-software leakage contracts. Leakage contracts capture side-channel leakage at the ISA level. Thereby they enable compilers to generate code that is provably immune to side-channel attacks without having to reason about microarchitectural details.

In my lecture, I will address challenges around leakage contracts at the hardware and the software level:

How to verify that a given open-source processor design satisfies a particular leakage contract?
How to synthesize a precise leakage contract for a given open-source processor design?
How to analyze the security of software relative to a leakage contract?

Key papers

Hardware-Software Contracts for Secure Speculation (Best Paper Award award). M. Guarnieri, B. Köpf, J. Reineke, and P. Vila. S&P (Oakland), May 2021
SPECTECTOR: Principled Detection of Speculative Information Flows. M. Guarnieri, B. Köpf, J. Morales, J. Reineke, and A. Sánchez. S&P (Oakland), May 2020
Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts (Distinguished Paper Award at CCS 2023 and Intel Hardware Security Academic Award Finalist 2024 award). Z. Wang, G. Mohr, K. Gleissenthall, J. Reineke, and M. Guarnieri. CCS, 2023
Synthesizing Hardware-Software Leakage Contracts for RISC-V Open-Source Processors (Best Paper Award Candidate award). G. Mohr, M. Guarnieri, and J. Reineke DATE, March 2024

Overview Program