Place Protections at the Right Place: Targeted Hardening for Cryptographic Code against Spectre v1

Spectre v1 attacks pose a substantial threat to security-critical software, particularly cryptographic implementations. Existing software mitigations, however, often introduce excessive overhead by indiscriminately hardening instructions without assessing their vulnerability. We propose an analysis framework that employs a novel fixpoint algorithm to detect Spectre vulnerabilities and apply targeted hardening. The fixpoint algorithm accounts for program behavior changes induced by stepwise hardening, enabling precise, sound and efficient vulnerability detection. This framework also provides flexibility for diverse hardening strategies and attacker models, enabling customized targeted hardening. We instantiate the framework as LightSLH, which hardens program with provable security.

We evaluate LightSLH on cryptographic algorithms from OpenSSL, Libsodium, and NaCL. Across all experimental cases, LightSLH provides the lowest overhead among current provable protection strategies, including 0% overhead in 58.3% cases. Notably, the analysis of LightSLH reveals two previously unknown security issues: (1) The compiler can introduce risks overlooked by LLSCT, a hardening method proven secure at the LLVM IR level. We successfully construct a side channel by exploiting compiler-inserted stack loads, confirming this risk. (2) Memory access patterns generated by the scatter-gather algorithm still depend on secrets, even for observers with cache line granularity. These findings and results highlight the importance of applying accurate protections to specific instructions.