2021 IEEE Symposium on Security and Privacy (SP) 2021
DOI: 10.1109/sp40001.2021.00046
|View full text |Cite
|
Sign up to set email alerts
|

High-Assurance Cryptography in the Spectre Era

Abstract: High-assurance cryptography leverages methods from program verification and cryptography engineering to deliver efficient cryptographic software with machine-checked proofs of memory safety, functional correctness, provable security, and absence of timing leaks. Traditionally, these guarantees are established under a sequential execution semantics. However, this semantics is not aligned with the behavior of modern processors that make use of speculative execution to improve performance. This mismatch, combined… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
22
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
6
1

Relationship

2
5

Authors

Journals

citations
Cited by 19 publications
(22 citation statements)
references
References 49 publications
0
22
0
Order By: Relevance
“…LCMs support branching on secrets and are not limited to reasoning about vulnerabilities involving transient execution nor are they limited to capturing just a single Spectre variant. Pitchfork [17] detects SPECTRE V1/V4; however, its implementation is unsound [10], and its SPECTRE V4 detection scheme scales poorly.…”
Section: Related Workmentioning
confidence: 99%
“…LCMs support branching on secrets and are not limited to reasoning about vulnerabilities involving transient execution nor are they limited to capturing just a single Spectre variant. Pitchfork [17] detects SPECTRE V1/V4; however, its implementation is unsound [10], and its SPECTRE V4 detection scheme scales poorly.…”
Section: Related Workmentioning
confidence: 99%
“…Like the constant-time programming model in the non-speculative world, the • ct leakage model is strong and hardware-agnostic, making it a solid foundation for security guarantees. The • ct leakage model is a popular choice among existing formalizations: As we highlight in Figure 2, over half of the formal semantics for Spectre use the • ct leakage model (or an equivalent) [8,16,21,27,28,55,67]. Guarnieri et al [29] leave the leakage model abstract, allowing the semantics to be used with several different leakage models, including • ct .…”
Section: Leakage Modelsmentioning
confidence: 99%
“…This makes it ideal for domains that already have clear policies about what data is sensitive, such as cryptography (e.g., secret keys) or software isolation (e.g., memory outside the sandbox). Indeed, tools that target cryptographic applications ( [8,16,21,67]) all verify that programs satisfy the direct speculative constant-time (SCT) property.…”
Section: Non-interference and Policiesmentioning
confidence: 99%
See 2 more Smart Citations