Automatically eliminating speculative leaks from cryptographic code with Blade
We introduce Blade, a new approach to automatically and efficiently eliminate speculative leaks from cryptographic code. Blade is built on the insight that to stop leaks via speculative execution, it suffices to cut the dataflow from expressions that speculatively introduce secrets (sources) to th...
Published in | Proceedings of ACM on programming languages Vol. 5; no. POPL; pp. 1 - 30 |
---|---|
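Main Authors | Vassena, Marco; Disselkoen, Craig; Gleissenthall, Klaus von; Cauligi, Sunjay; Kıcı, Rami Gökhan; Jhala, Ranjit; Tullsen, Dean; Stefan, Deian |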
Format | Journal Article |
Language | English |
Published | 01.01.2021 |
ISSN | 2475-1421 |
DOI | 10.1145/3434330 |
Abstract | We introduce Blade, a new approach to automatically and efficiently eliminate speculative leaks from cryptographic code. Blade is built on the insight that to stop leaks via speculative execution, it suffices to cut the dataflow from expressions that speculatively introduce secrets (sources) to those that leak them through the cache (sinks), rather than prohibit speculation altogether. We formalize this insight in a static type system that (1) types each expression as either transient, i.e., possibly containing speculative secrets or as being stable, and (2) prohibits speculative leaks by requiring that all sink expressions are stable. Blade relies on a new abstract primitive, protect, to halt speculation at fine granularity. We formalize and implement protect using existing architectural mechanisms, and show how Blade’s type system can automatically synthesize a minimal number of protects to provably eliminate speculative leaks. We implement Blade in the Cranelift WebAssembly compiler and evaluate our approach by repairing several verified, yet vulnerable WebAssembly implementations of cryptographic primitives. We find that Blade can fix existing programs that leak via speculation automatically, without user intervention, and efficiently even when using fences to implement protect. |
---|---|
Author | Stefan, Deian; Vassena, Marco; Gleissenthall, Klaus von; Cauligi, Sunjay; Disselkoen, Craig; Kıcı, Rami Gökhan; Jhala, Ranjit; Tullsen, Dean |
Author affiliations | 1. Vassena, Marco (CISPA, Germany); 2. Disselkoen, Craig (University of California at San Diego, USA); 3. Gleissenthall, Klaus von (Vrije Universiteit Amsterdam, Netherlands); 4. Cauligi, Sunjay (University of California at San Diego, USA); 5. Kıcı, Rami Gökhan (University of California at San Diego, USA); 6. Jhala, Ranjit (University of California at San Diego, USA); 7. Tullsen, Dean (University of California at San Diego, USA); 8. Stefan, Deian (University of California at San Diego, USA) |
ContentType | Journal Article |
Discipline | Computer Science |
EISSN | 2475-1421 |
EndPage | 30 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | POPL |
OpenAccessLink | https://dl.acm.org/doi/pdf/10.1145/3434330 |
PageCount | 30 |
PublicationDate | 2021-01-01 |
PublicationTitle | Proceedings of ACM on programming languages |
PublicationYear | 2021 |
StartPage | 1 |
Title | Automatically eliminating speculative leaks from cryptographic code with Blade |
Volume | 5 |