SCR-Spectre: Spectre gadget detection method with strengthened context relevance

Spectre attacks can steal private information via some usual code snippets, and the difficulty in detecting Spectre gadgets is to mine the differences between the same code snippet in different context states. However, existing methods manually construct global behavior features of Spectre gadgets, which cannot capture fine-grained data flow and control flow between codes to distinguish normal code snippets with similar features, resulting in low detection accuracy. Meanwhile, existing methods select the speculative execution path for testing based on the judgment result of conditional instruction, which is prone to cause a path being repeatedly detected under similar conditions, leading to inefficient detection. Therefore, a Spectre gadget detection method with Strengthened Context Relevance (SCR-Spectre) is proposed. SCR-Spectre presents a strengthened context relevance SCR-BERT, which learns fine-grained data flow and control flow by the context relevance, increasing the detection precision. Furthermore, a novel combined dynamic and static testing framework is pioneered, which dynamically screens conditional instruction and statically extracts features of all speculative execution paths of this instruction, avoiding repetitive testing. Experimental results show that SCR-Spectre significantly outperforms state-of-the-art correlation methods. This method fuses fine-grained features between code contexts, strengthening the distinguishability of Spectre gadgets.