Triosecuris: Formally Verified Protection Against Speculative Control-Flow Hijacking
This provides a strong, formally verified protection against speculative execution vulnerabilities for arbitrary programs, addressing a critical security issue in computing systems.
The paper tackles the problem of speculative control-flow hijacking attacks like Spectre by introducing Triosecuris, a formally verified defense that combines hardware-assisted control-flow integrity with compiler-inserted speculative load hardening, achieving a proven security guarantee that transformed programs leak no more than source programs without speculation.
This paper introduces Triosecuris, a formally verified defense against Spectre BTB, RSB, and PHT that combines CET-style hardware-assisted control-flow integrity with compiler-inserted speculative load hardening (SLH). Triosecuris is based on the novel observation that in the presence of CET-style protection, we can precisely detect BTB misspeculation for indirect calls and RSB misspeculation for returns and set the SLH misspeculation flag. We formalize Triosecuris as a transformation in Rocq and provide a machine-checked proof that it achieves relative security: any transformed program running with speculation leaks no more than what the source program leaks without speculation. This strong security guarantee applies to arbitrary programs, even those not following the cryptographic constant-time programming discipline.