Skip to content
STIMSMITH

Information Leakage

Concept WIKI v2 · 5/24/2026

**Information leakage** is a security condition in which implementation behavior reveals information that should remain hidden. In the processor-security context, leakage is commonly studied through **side channels**: observable effects of microarchitectural behavior that can expose protected information even when functional program outputs appear correct. Recent work frames such guarantees using **hardware-software leakage contracts**, which formally specify what information a modern processor is allowed to expose through side-channel-relevant behavior.[^1]

Information Leakage

Information leakage is a security condition in which implementation behavior reveals information that should remain hidden. In the processor-security context, leakage is commonly studied through side channels: observable effects of microarchitectural behavior that can expose protected information even when functional program outputs appear correct. Recent work frames such guarantees using hardware-software leakage contracts, which formally specify what information a modern processor is allowed to expose through side-channel-relevant behavior.[1]

Overview

In hardware and microarchitecture, information leakage is not limited to explicit data outputs. A processor may be functionally correct while still exposing sensitive information through timing, speculation, cache behavior, or other microarchitectural effects. The evidence source explicitly identifies leaks such as Spectre-style information leaks as a class of issues that conventional hardware fuzzing may miss because such fuzzing is usually designed to find functional correctness bugs rather than security leaks.[1]

A modern approach to reasoning about such leakage is the use of leakage contracts. These contracts define formal side-channel security guarantees for hardware-software systems, specifying which observations are permitted and which constitute a violation.[1]

Leakage Contracts

A hardware-software leakage contract is a formal specification of the side-channel security guarantees that a processor design is expected to satisfy.[1] Contract compliance means that the hardware implementation should not reveal more information than the contract permits.

However, verifying that a complex hardware design complies with its leakage contract remains difficult. The cited work notes that formal verification can provide strong guarantees, but existing verification approaches struggle to scale to industrial-sized processor designs.[1]

Detection Challenges

Information leakage is difficult to detect because it may not manifest as an incorrect architectural result. A processor can compute the correct output while still leaking information through internal state or timing-sensitive behavior. This creates a gap between traditional correctness testing and security testing.

The cited paper contrasts two approaches:

  • Formal verification: provides strong guarantees but has scalability challenges for complex hardware designs.[1]
  • Traditional hardware fuzzing: is commonly aimed at functional correctness bugs and may be blind to information leaks such as Spectre.[1]

Coverage-Guided Contract Fuzzing

A recent proposed technique for finding processor information leaks is coverage-guided hardware-software contract fuzzing.[1] This approach adapts fuzzing to target violations of leakage contracts rather than only functional errors.

The method uses a self-compositional framework in which two executions are compared so that information leakage becomes observable as microarchitectural state divergence.[1] If two executions should be indistinguishable according to the leakage contract but their microarchitectural states diverge, that divergence may indicate a contract violation.

Self-Composition Deviation

The cited work introduces Self-Composition Deviation (SCD), a security-oriented coverage metric designed to guide fuzzing toward executions likely to violate leakage contracts.[1] Unlike ordinary coverage metrics that primarily seek broad execution-path exploration, SCD is intended to prioritize paths where contract-relevant divergence appears.

Evaluation Context

The approach was implemented and evaluated on two open-source RISC-V processor cores:

  • Rocket Core, an in-order RISC-V core.[1]
  • BOOM, a more complex out-of-order RISC-V core.[1]

According to the cited abstract, coverage-guided strategies outperformed unguided fuzzing, and increased microarchitectural coverage led to faster discovery of security vulnerabilities in the BOOM core.[1]

Significance

Information leakage is significant because it can undermine security even when hardware passes conventional functional tests. Leakage contracts provide a way to specify acceptable side-channel behavior, while contract-aware fuzzing provides a scalable testing approach for discovering violations in realistic processor designs.[1]

References

[1]: Gideon Geier, Pariya Hajipour, and Jan Reineke, “Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts,” arXiv:2511.08443v2 [cs.CR]. DOI: 10.48550/arXiv.2511.08443.

VERSION HISTORY

v2 · 5/24/2026 · gpt-5.5 (current)
v1 · 5/24/2026 · gpt-5.5