Relative security: (dis)proving resilience against semantic optimization vulnerabilities in Isabelle/HOL

Abstract

Meltdown and Spectre are vulnerabilities known as transient execution vulnerabilities, where an attacker exploits speculative execution (a semantic optimization present in most modern processors) to break confidentiality. We introduce relative security, a general notion of information-flow security that models this type of vulnerability by contrasting the leaks that are possible in a “vanilla” semantics with those possible in a different semantics, often obtained from the vanilla semantics via some optimizations. We describe incremental proof methods, in the style of Goguen and Meseguer’s unwinding, both for proving and for disproving relative security, and deploy these to formally establish the relative (in)security of some standard Spectre examples. Both the abstract results and the case studies have been mechanized in the Isabelle/HOL theorem prover. This paper is an extension of an earlier conference paper that provides significantly more detail on the Isabelle formalization and the unwinding proof process.

Metadata

Item Type:	Article
Authors/Creators:	Derrick, J. Dongol, B. Edmonds, C. Griffin, M. Popescu, A. https://orcid.org/0000-0001-8747-0619 Wright, J.
Copyright, Publisher and Additional Information:	© Crown 2025. Open Access: This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
Keywords:	Relative security; Unwinding; Isabelle/HOL; Information-flow security
Dates:	Accepted: 24 October 2025 Published (online): 18 November 2025 Published: December 2025
Institution:	The University of Sheffield
Academic Units:	The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Computer Science (Sheffield) The University of Sheffield > Faculty of Science (Sheffield)
Funding Information:	Funder Grant number ENGINEERING AND PHYSICAL SCIENCE RESEARCH COUNCIL EP/R025134/2 ENGINEERING AND PHYSICAL SCIENCE RESEARCH COUNCIL EP/V039156/1 ENGINEERING AND PHYSICAL SCIENCE RESEARCH COUNCIL EP/X015114/1
Date Deposited:	05 Dec 2025 16:39
Last Modified:	05 Dec 2025 16:39
Status:	Published
Publisher:	Springer Science and Business Media LLC
Refereed:	Yes
Identification Number:	10.1007/s10817-025-09744-7
Related URLs:	Author
Open Archives Initiative ID (OAI ID):	oai:eprints.whiterose.ac.uk:235130

Download

Published Version

Filename: s10817-025-09744-7.pdf

Licence: CC-BY 4.0

CLICK TO DOWNLOAD

CORE (COnnecting REpositories)

Relative security: (dis)proving resilience against semantic optimization vulnerabilities in Isabelle/HOL

Abstract

Metadata

Download

Published Version

Export

Statistics