SpecIBT: Formally Verified Protection Against Speculative Control-Flow Hijacking
Jonathan Baumann, Yonghyun Kim, Yan Farba, Catalin Hritcu, Julay Leatherman-Brooks
TL;DR
SpecIBT targets speculative-control-flow attacks arising from $BTB$, $RSB$, and $PHT$ by marrying CET-style hardware-assisted CFI with compiler-inserted Ultimate SLH. The authors formalize SpecIBT in the Rocq prover, prove relative security for both the transformation and its machine-code translation, and address undefined behavior using CompCert-style undefined values. The work provides a fully mechanized end-to-end verification, supported by a Rocq artifact with thousands of lines of code and extensive tests, and demonstrates that precise BTB-misprediction detection suffices to bound leakage under speculation. This approach offers a practical path to secure compilation for arbitrary programs without relying on cryptographic-time assumptions, potentially informing future LLVM implementations and hardware-software defenses against speculative execution attacks.
Abstract
This paper introduces SpecIBT, a formally verified defense against Spectre BTB, RSB, and PHT that combines CET-style hardware-assisted control-flow integrity with compiler-inserted speculative load hardening (SLH). SpecIBT is based on the novel observation that in the presence of CET-style protection, we can precisely detect BTB misspeculation for indirect calls and set the SLH misspeculation flag. We formalize SpecIBT as a transformation in Rocq and provide a machine-checked proof that it achieves relative security: any transformed program running with speculation leaks no more than what the source program leaks without speculation. This strong security guarantee applies to arbitrary programs, even those not following the cryptographic constant-time programming discipline.
