SpecFuzz: Bringing Spectre-type vulnerabilities to the surface

Research output: Contribution to book/Conference proceedings/Anthology/ReportConference contributionContributedpeer-review

Contributors

Abstract

SpecFuzz is the first tool that enables dynamic testing for
speculative execution vulnerabilities (e.g., Spectre). The key
is a novel concept of speculation exposure: The program is
instrumented to simulate speculative execution in software by
forcefully executing the code paths that could be triggered due
to mispredictions, thereby making the speculative memory
accesses visible to integrity checkers (e.g., AddressSanitizer).
Combined with the conventional fuzzing techniques, specula-
tion exposure enables more precise identification of potential
vulnerabilities compared to state-of-the-art static analyzers.
Our prototype for detecting Spectre V1 vulnerabilities suc-
cessfully identifies all known variations of Spectre V1 and
decreases the mitigation overheads across the evaluated appli-
cations, reducing the amount of instrumented branches by up
to 77% given a sufficient test coverage.

Details

Original languageEnglish
Title of host publicationProceedings of the 29th USENIX Security Symposium
PublisherUSENIX Association
Number of pages18
Publication statusPublished - 2020
Peer-reviewedYes

External IDs

Scopus 85088287360

Keywords

Research priority areas of TU Dresden

DFG Classification of Subject Areas according to Review Boards