Place Protections at the Right Place: Targeted Hardening for Cryptographic Code against Spectre v1
No ratings
Presented at USENIX Security 2025 by
Spectre v1 attacks pose a substantial threat to security-critical software, particularly cryptographic implementations. Existing software mitigations, however, often introduce excessive overhead by indiscriminately hardening instructions without assessing their vulnerability. We propose an analysis framework that employs a novel fixpoint algorithm to detect Spectre vulnerabilities and apply targeted hardening. The fixpoint algorithm accounts for program behavior changes induced by stepwise hardening, enabling precise, sound and efficient vulnerability detection. This framework also provides flexibility for diverse hardening strategies and attacker models, enabling customized targeted hardening. We instantiate the framework as LightSLH, which hardens program with provable security.