ARCH7.md (1553B)
1 # ARCH7: Sidecar Config for Secret/Public Arguments 2 3 ## Goal 4 5 Allow users to declare, per function, which argument registers are 6 secret or public so the taint analysis can seed entry-state taint and 7 catch secret-dependent memory accesses. 8 9 ## Scope 10 11 - Sidecar JSON config file supplied to the CLI. 12 - Per-symbol argument policies based on register names. 13 - No new dependencies beyond existing aeson/text/containers. 14 15 ## Config Model 16 17 - JSON object mapping function symbol to argument policy. 18 - Each policy specifies optional `secret` and `public` lists of 19 registers. 20 21 Example: 22 23 { 24 "mul_wnaf": { 25 "secret": ["X0"], 26 "public": ["X1", "X2", "X3"] 27 } 28 } 29 30 Semantics: 31 32 - `secret` registers are tainted Secret at function entry. 33 - `public` registers are tainted Public at function entry. 34 - Unlisted registers keep default init taint (public roots only). 35 - If a register appears in both lists, treat as Secret. 36 37 ## Integration Points 38 39 - Extend the CLI to accept `--taint-config <path>`. 40 - Parse config once and map symbols to argument policies. 41 - Seed the entry TaintState for each function before dataflow. 42 - Inter-proc summaries stay taint-based; entry seeding applies at 43 function boundaries. 44 45 ## Reporting 46 47 - No output changes, but violations now include secret-indexed accesses 48 when seeded. 49 - Optional warning if a function has a policy but is not found in the 50 assembly. 51 52 ## Risks 53 54 - Incorrect register naming in config -> no effect. Validate names and 55 report errors early. 56 - Over-tainting can increase false positives, which is acceptable.