Spectector

Automatic detection of speculative information flows



Spectector is a tool for automatically detecting leaks caused by speculatively executed instructions in x64 assembly programs.

In a nutshell, Spectector symbolically executes the program under analysis with respect to a semantics that captures the effects of speculatively executed instructions. During the symbolic execution, Spectector derives SMT formulae characterizing leaks caused by speculatively executed instructions, and it relies on the Z3 SMT solver to determine the presence of possible leaks or prove their absence.

Using Spectector, we detected subtle bugs in the way Spectre-countermeasures are placed by several major compilers, which may result in insecure programs or unnecessary countermeasures.


Downloads

  • The source code of Spectector is available on Github at the following repository .
    See the README for more information on installing and using Spectector.

  • The benchmarks used in the Spectector’s paper are available at the following repository .
    See the README for more information on how to reproduce the experimental results from the Spectector’s paper.


Publications

  • Hardware/software contracts for secure speculation
    Marco Guarnieri, Boris Koepf, Jan Reineke, Pepe Vila
    In: Proceedings of the 42nd IEEE Symposium on Security & Privacy, May 2021
    Paper Extended version (arXiv) Talk

  • Spectector: Principled Detection of Speculative Information Flows
    Marco Guarnieri, Boris Koepf, José Francisco Morales, Jan Reineke, Andrés Sánchez
    In: Proceedings of the 41st IEEE Symposium on Security & Privacy, May 2020
    Paper Extended version (arXiv) Preview video Talk Slides


Team

Marco Guarnieri
IMDEA Software Institute
Boris Koepf
Microsoft Research Cambridge
José F. Morales
IMDEA Software Institute
Jan Reineke
Saarland University
Andrés Sánchez
IMDEA Software Institute