Secret-Directed Unwinding

Brijesh Dongol 📧, Matthew Griffin 📧, Andrei Popescu 📧 and Jamie Wright 📧

May 24, 2024

This is a development version of this entry. It might change over time and is not stable. Please refer to release versions for citations.


This entry formalizes the secret-directed unwinding disproof method for relative security. The method was presented in the CSF 2024 paper "Relative Security: Formally Modeling and (Dis)Proving Resilience Against Semantic Optimization Vulnerabilities". Secret-directed unwinding can be used to prove the existence of transient execution vulnerabilities. The main characteristics of secret-directed unwinding are that (1) it is used to disprove rather than prove security and (2) it proceeds in a manner that is "directed" by given sequences of secrets. The second characteristic is shared with the unwinding method for bounded- deducibility security.


BSD License


Session Secret_Directed_Unwinding

Depends on