GadgetMeter: Quantitatively and Accurately Gauging the Exploitability of Speculative Gadgets

Qi Ling

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Software Security: Vulnerability Detection

Since their public disclosure in 2018, **speculative execution attacks**, most notably Spectre, have presented a persistent and severe threat to modern computer systems. These attacks abuse speculative execution, a fundamental performance optimization in contemporary processors, allowing attackers to infer secret data by observing the side-channel effects (typically in the cache) of instructions that were executed speculatively and should never have been executed architecturally. A critical challenge in mitigating these vulnerabilities lies in identifying the specific code snippets, known as **gadgets**, that are truly exploitable in practice. While numerous tools exist to pinpoint potential gadgets, applying patches indiscriminately to every identified instance can lead to substantial and often unnecessary performance degradation.
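To make the "gadget" notion concrete, the following added example (written for this page; it is not code from the talk, the GadgetMeter paper, or any of its artifacts) shows the classic Spectre-v1 bounds-check pattern next to a hardened variant that masks the index so an out-of-bounds value can never reach the dependent load, even under misprediction. The arrays, their contents, and the function names are constructed assumptions; the masking idiom follows the widely used `index & -(index < size)` pattern. The code only demonstrates the shape of the gadget and its mitigation; it performs no timing measurement.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed sample tables (assumptions for this example).
 * array1 is the "public" table whose bound is checked; array2 is the table
 * whose cache-line state a Spectre-v1 attack would observe. */
#define ARRAY1_SIZE 16
#define LINE_SIZE   64
static uint8_t array1[ARRAY1_SIZE] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3
};
static uint8_t array2[256 * LINE_SIZE];

/* Deterministic fill so both gadgets return known values for the checks below. */
void init_tables(void)
{
    for (size_t i = 0; i < 256; i++)
        array2[i * LINE_SIZE] = (uint8_t)(i + 100);
}

/* Vulnerable gadget shape: the branch guards the access architecturally,
 * but while the branch is being predicted the CPU may speculatively execute
 * the dependent load with an out-of-bounds x, touching a cache line chosen
 * by whatever byte array1[x] aliases. That cache footprint is the leak. */
uint8_t gadget_unprotected(size_t x)
{
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * LINE_SIZE];
    return 0;
}

/* Branchless index clamp: mask is all-ones when index < size and all-zeros
 * otherwise, so the result is always inside [0, size) even speculatively.
 * Production code relies on compiler support (e.g. speculative load hardening)
 * or inline barriers, because a compiler is free to change this codegen. */
size_t index_nospec(size_t index, size_t size)
{
    size_t mask = (size_t)0 - (size_t)(index < size);
    return index & mask;
}

/* Hardened gadget: same architectural behaviour as gadget_unprotected,
 * but the load can only ever use a clamped index. */
uint8_t gadget_masked(size_t x)
{
    if (x < ARRAY1_SIZE) {
        size_t safe = index_nospec(x, ARRAY1_SIZE);
        return array2[array1[safe] * LINE_SIZE];
    }
    return 0;
}
```

The two functions are interchangeable for every architectural input, which is exactly why a scanner that flags this pattern cannot tell from the source alone whether the unprotected form is worth the cost of hardening; that judgement depends on how long the misprediction window is on the target hardware, the question the talk's exploitability score addresses.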

AI review

Solid, technically rigorous work from a first-year PhD student that meaningfully advances the Spectre gadget analysis space. The core contribution — modeling windowing power systematically and combining DAG-based static analysis with real hardware runtime measurement to produce a quantitative exploitability score — is a genuine step forward over ROB-size approximations that have plagued prior scanners.
