Speculative execution attacks are hard to prevent because mitigations carry a performance cost. Current scanners that identify vulnerable code snippets lack accuracy in modeling timing properties. Timing requirements are essential because exploitation depends on a race condition within the gadget. GadgetMeter is a framework that quantitatively gauges the exploitability of speculative gadgets based on timing. It systematically explores the attacker's power to optimize the race condition. A Directed Acyclic Instruction Graph models the timing conditions using static analysis and runtime testing; this is used to optimize attack patterns and quantify gadget vulnerability. An evaluation on real-world software and the Linux kernel shows that GadgetMeter accurately identifies exploitable gadgets. It also quantifies their vulnerability level, reporting that 471 gadgets are unexploitable. The Network and Distributed System Security Symposium (NDSS) focuses on network and distributed system security.
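
To make the race condition summarized above concrete, here is an added example for gadget triage. It is not GadgetMeter's code or its actual model. It is a simplified dependency-graph timing model in which all node names, cycle counts and the two gadgets are constructed assumptions: a gadget counts as exploitable only if its transmitting load can issue before the branch resolves under the most favourable cache state.

```python
from graphlib import TopologicalSorter
from itertools import product

HIT, MISS = 4, 200  # constructed load latencies in cycles (assumption)

def schedule(dag, latency):
    """dag maps node -> set of data-dependency predecessors; returns (issue, finish)."""
    issue, finish = {}, {}
    for node in TopologicalSorter(dag).static_order():
        issue[node] = max((finish[p] for p in dag[node]), default=0)
        finish[node] = issue[node] + latency[node]
    return issue, finish

def margin(dag, latency, resolve, transmit):
    """Cycles by which the transmit instruction issues before the branch resolves."""
    issue, finish = schedule(dag, latency)
    return finish[resolve] - issue[transmit]

def margin_range(dag, fixed, loads, resolve, transmit):
    """Try every hit/miss state for the cache-dependent loads; return (worst, best)."""
    results = []
    for states in product((HIT, MISS), repeat=len(loads)):
        latency = {**fixed, **dict(zip(loads, states))}
        results.append(margin(dag, latency, resolve, transmit))
    return min(results), max(results)

# Constructed gadget A: if (i < *len) y = probe[table[i] * 64];  bound comes from memory.
GADGET_A = {
    "load_len": set(), "cmp": {"load_len"}, "branch_resolve": {"cmp"},
    "load_secret": set(), "shift": {"load_secret"}, "load_probe": {"shift"},
}
# Constructed gadget B: same body, but the bound is already in a register.
GADGET_B = {
    "cmp": set(), "branch_resolve": {"cmp"},
    "load_secret": set(), "shift": {"load_secret"}, "load_probe": {"shift"},
}
FIXED = {"cmp": 1, "branch_resolve": 1, "shift": 1, "load_probe": MISS}

def assess():
    """Exploitable in this model only if the best-case margin is positive."""
    a = margin_range(GADGET_A, FIXED, ["load_len", "load_secret"], "branch_resolve", "load_probe")
    b = margin_range(GADGET_B, FIXED, ["load_secret"], "branch_resolve", "load_probe")
    return {"A": a[1] > 0, "B": b[1] > 0}

if __name__ == "__main__":
    print(assess())
```

Gadget B matches the code pattern a syntactic scanner would flag, yet in this model its speculation window closes before the transmitting load can issue, whatever the cache state.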
