New Models for Understanding and Reasoning about Speculative Execution Attacks
arXiv - CS - Hardware Architecture, Pub Date: 2020-09-17, DOI: arxiv-2009.07998
Zecheng He, Guangyuan Hu, Ruby Lee

Spectre and Meltdown attacks and their variants exploit performance optimization features to cause security breaches. Secret information is accessed and leaked through micro-architectural covert channels. New attack variants keep appearing and we do not have a systematic way to capture the critical characteristics of these attacks and evaluate why they succeed. In this paper, we provide a new attack-graph model for reasoning about speculative micro-architectural attacks. We model attacks as ordered dependency graphs, and define a new concept, i.e. security dependency, between a resource access and its prior authorization operation. We prove that a missing security dependency is equivalent to a race condition between authorization and access, which is a root cause of speculative execution attacks. We show detailed examples of how our attack graph models the Spectre and Meltdown attacks, and is generalizable to all the attack variants published so far. We also show that this attack model is very useful for identifying new attacks and for generalizing defense strategies. We show that the defenses proposed so far all fit under one of our defense strategies. We also explain how attack graphs can be constructed and point to this as very promising future work for tool designers.

Updated: 2020-09-18