all InfoSec news
Automatic and Incremental Repair for Speculative Information Leaks. (arXiv:2305.10092v1 [cs.LO])
cs.CR updates on arXiv.org arxiv.org
We present CureSpec, the first model-checking based framework for automatic
repair of programs with respect to information leaks in the presence of
side-channels and speculative execution. CureSpec is based on formal models of
attacker capabilities, including observable side channels, inspired by the
Spectre attacks. For a given attacker model, CureSpec is able to either prove
that the program is secure, or detect potential side-channel vulnerabilities
and automatically insert mitigations such that the resulting code is provably
secure. Moreover, CureSpec can …
attacks automatic capabilities framework information leaks observable repair respect spectre speculative execution