Exposing memory accesses and branches in machine code to symbolic execution : Tracking instructions through binary raising

University essay from Linköpings universitet/Programvara och system

Author: Isak Axelsson; [2023]

Keywords: Binary lifting; Binary raising; Spectre

Abstract: In 2018, a new security vulnerability was discovered that existed in billions of processors from different manufacturers, using various architectures. A so-called Spectre attack can be launched to exploit the vulnerability and cause cryptographic information to leak through side channels of the targeted system. This thesis presents a proof of concept to aid tools that can be used to detect such vulnerabilities in LLVM IR. Through the process of lifting a binary into an intermediate representation such as LLVM IR, such tools can be used to detect such vulnerabilities in the original binary. The proof of concept includes an investigation into one such binary lifter, and subsequent editing of the source code, to enable connecting specific LLVM instructions to the originating machine code instructions through their address. These contributions would allow more accurate detection and tracking of Spectre vulnerabilities existing in machine code through the machine-code-independent LLVM IR.
