Contracts for secure speculation. We now define four fundamental contracts that characterize the security guarantees offered by mechanisms for secure speculation. We derive our contracts, which we fully formalize in [19], as the combination of two kinds of building blocks.

1) Building blocks for contracts: The first building blocks are observer modes, which govern what information a contract exposes. We define them via labels on the contract semantics.

• The constant-time observer mode (ct for short) is commonly used when reasoning about side channels in cryptographic algorithms. It uses labels pc ℓ, load n, and store n to expose the value ℓ of the program counter and the addresses n of load and store operations. The ct observer mode can be augmented with support for variable-latency instructions by additionally exposing the operands of those instructions as observations, or refined to capture adversaries that can infer addresses of memory accesses only up to the granularity of cache banks, lines, or pages [20]. We forgo both extensions for simplicity.

• The architectural observer mode (arch for short) additionally exposes the value v that is loaded from memory location n via the label load n = v upon each load instruction. As registers are set to zero in the initial architectural state, arch traces effectively determine the values of all registers during execution.

The second building blocks are execution modes that characterize which paths need to be explored to collect observations. For processors with speculative execution, depending on the presence and effectiveness of hardware-level countermeasures, it is necessary to go beyond paths covered by the architectural semantics.

• In the sequential execution mode (seq for short), programs are executed sequentially and in-order following the architectural semantics.

• In the always-mispredict execution mode (spec for short), programs are executed sequentially, but incorrect branches run

Given a run $\sigma_0 \xrightarrow{l_1} \sigma_1 \xrightarrow{l_2} \cdots \xrightarrow{l_n} \sigma_n$, define the trace $p(\sigma_0) = l_1 \cdots l_n$.
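To make the four combinations of observer mode (ct, arch) and execution mode (seq, spec) concrete, the following added example (written for this page; it is not the paper's formalization) interprets a toy assembly and records the contract trace as a list of labels. Everything beyond the labels named above is an assumption: the instruction set, the memory layout (a four-element public array followed in memory by a secret), that the pc label is emitted with the resolved target of each branch, that unmapped memory reads as zero, and the shape of always-mispredict execution (the wrong branch target runs on a copy of the state for a bounded `window` of steps and is then discarded; the page's own description of that mode is cut off here). The `leaks` helper compares the traces of two initial states that differ only in the secret, which is exactly the question a contract answers: does this program's observable behaviour under this contract depend on the secret?

```python
"""Contract traces for a toy assembly: observer modes (ct, arch) combined with
execution modes (seq, spec). Added example, not the formalization from the paper.
The instruction set, the memory layout and the always-mispredict shape (the wrong
branch runs on a copy of the state for `window` steps, then is rolled back) are
assumptions made here for illustration."""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

CT, ARCH = "ct", "arch"      # observer modes
SEQ, SPEC = "seq", "spec"    # execution modes

# Instructions (assumed toy ISA):
#   ("set", r, imm) | ("add", r, a, b) | ("load", r, addr_reg) | ("store", addr_reg, r)
#   ("bge", a, b, target): if regs[a] >= regs[b] then pc := target else pc := pc + 1
Instr = Tuple


def run(prog: List[Instr], regs: Dict[str, int], mem: Dict[int, int], observer: str,
        mode: str, window: int = 6, pc: int = 0, budget: Optional[int] = None) -> List[str]:
    """Return the observation trace of `prog` started at `pc` from state (regs, mem).
    `budget` is the number of speculative steps still allowed; None means the committed path."""
    trace: List[str] = []
    while pc < len(prog) and (budget is None or budget > 0):
        if budget is not None:
            budget -= 1
        ins = prog[pc]
        if ins[0] == "set":
            regs[ins[1]] = ins[2]
            pc += 1
        elif ins[0] == "add":
            regs[ins[1]] = regs[ins[2]] + regs[ins[3]]
            pc += 1
        elif ins[0] == "load":
            addr = regs[ins[2]]
            val = mem[addr]                      # unmapped memory reads as 0 (assumption)
            regs[ins[1]] = val
            # ct exposes only the address; arch additionally exposes the loaded value
            trace.append(f"load {addr}" if observer == CT else f"load {addr} = {val}")
            pc += 1
        elif ins[0] == "store":
            addr = regs[ins[1]]
            mem[addr] = regs[ins[2]]
            trace.append(f"store {addr}")
            pc += 1
        elif ins[0] == "bge":
            taken = regs[ins[1]] >= regs[ins[2]]
            correct = ins[3] if taken else pc + 1
            wrong = pc + 1 if taken else ins[3]
            if mode == SPEC:
                # always-mispredict (assumed shape): follow the wrong target on copies of the
                # state for a bounded number of steps; nested branches share the remaining budget
                sub = window if budget is None else min(window, budget)
                trace.append(f"pc {wrong}")
                trace += run(prog, regs.copy(), mem.copy(), observer, mode, window, wrong, sub)
            trace.append(f"pc {correct}")        # pc label exposes the resolved control flow
            pc = correct
        else:
            raise ValueError(f"unknown instruction {ins}")
    return trace


# Constructed memory layout: size word at 0, public array A at 16..19, secret at 20, table B at 100.
P_SIZE, A_BASE, SECRET, B_BASE = 0, 16, 20, 100

# if (idx < size) { y = A[idx]; z = B[y]; }  -- a bounds-checked table lookup
GADGET: List[Instr] = [
    ("set", "pa", P_SIZE), ("load", "size", "pa"),
    ("bge", "idx", "size", 9),                   # out of bounds: skip the body
    ("set", "a", A_BASE), ("add", "a", "a", "idx"), ("load", "y", "a"),
    ("set", "b", B_BASE), ("add", "b", "b", "y"), ("load", "z", "b"),
]
# Loads the secret into a register but never uses it as an address.
DIRECT_LOAD: List[Instr] = [("set", "s", SECRET), ("load", "r", "s")]


def state(secret: int, idx: int):
    """Initial state: registers are zero except idx; memory holds size, A, and the secret."""
    regs = defaultdict(int, {"idx": idx})
    mem = defaultdict(int, {P_SIZE: 4, A_BASE: 1, A_BASE + 1: 2, A_BASE + 2: 3,
                            A_BASE + 3: 4, SECRET: secret})
    return regs, mem


def trace(prog: List[Instr], observer: str, mode: str, secret: int,
          idx: int = 4, window: int = 6) -> List[str]:
    regs, mem = state(secret, idx)
    return run(prog, regs, mem, observer, mode, window)


def leaks(prog: List[Instr], observer: str, mode: str, idx: int = 4, window: int = 6) -> bool:
    """True if two states differing only in the secret give different traces under the
    contract (observer, mode), i.e. the program is not secure with respect to it."""
    return trace(prog, observer, mode, 7, idx, window) != trace(prog, observer, mode, 9, idx, window)


if __name__ == "__main__":
    for prog, name in ((GADGET, "gadget"), (DIRECT_LOAD, "direct_load")):
        for obs in (CT, ARCH):
            for mode in (SEQ, SPEC):
                print(f"{name:12s} {obs}-{mode}: leaks={leaks(prog, obs, mode)} "
                      f"trace={trace(prog, obs, mode, 7)}")
```

With the out-of-bounds index 4, `GADGET` produces the same ct-seq trace (`load 0`, `pc 9`) for every secret, so it is constant-time under the sequential contract; under ct-spec the discarded path issues `load 20` and then `load 107` or `load 109`, and the traces differ. `DIRECT_LOAD` is the converse case: its ct traces never depend on the secret, but the arch observer records `load 20 = 7` versus `load 20 = 9`, showing how much more an arch contract exposes. Shrinking `window` to 3 makes the gadget secure again under ct-spec, which is the kind of parameter a hardware countermeasure changes.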
Sources: Hardware Software Contracts