SpecTerminator: Blocking Speculative Side Channels Based on Instruction Classes on RISC-V-Reference-Cited by-同舟云学术

SpecTerminator: Blocking Speculative Side Channels Based on Instruction Classes on RISC-V

Published:2023-02-10 Issue:1 Volume:20 Page:1-26
ISSN:1544-3566
Container-title:ACM Transactions on Architecture and Code Optimization
language:en
Short-container-title:ACM Trans. Archit. Code Optim.

Author:

Jin Hai¹^ORCID,He Zhuo¹^ORCID,Qiang Weizhong¹^ORCID

Affiliation:

1. Huazhong University of Science and Technology, Wuhan, China

Abstract

In modern processors, speculative execution has significantly improved the performance of processors, but it has also introduced speculative execution vulnerabilities. Recent defenses are based on the delayed execution to block various speculative side channels, but we show that several of the current state-of-the-art defenses fail to block some of the available speculative side channels, and the current most secure defense introduces a performance overhead of up to 24.5%. We propose SpecTerminator, the first defense framework based on instruction classes that can comprehensively and precisely block all existing speculative side channels. In SpecTerminator, a novel speculative side channel classification scheme based on the features of secret transmission is proposed, and the sensitive instructions in the speculative window are classified and identified using optimized hardware taint tracking and instruction masking techniques to accurately determine the scope of leakage. Then, according to the execution characteristics of these instructions, dedicated delayed execution strategies, such as TLB request ignoring, selective issue, and extended delay-on-miss, are designed for each type of sensitive instruction to precisely control that these instructions are delayed only in pipeline stages that are at risk of leakage. In contrast to previous defenses based on the Gem5 simulator, we have innovatively implemented defenses against Spectre attacks based on the open-source instruction set RISC-V on an FPGA-accelerated simulation platform that is more similar to real hardware. To evaluate the security of SpecTerminator, we have replicated various existing x86-based Spectre variants on RISC-V. On SPEC 2006, SpecTerminator defends against Spectre attacks based on memory hierarchy side channels with a performance overhead of 2.6% and against all existing Spectre attacks with a performance overhead of 6.0%.

Funder

National Natural Science Foundation of China

Publisher

Association for Computing Machinery (ACM)

Subject

Hardware and Architecture,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3566053

Reference66 articles.

1. Sam Ainsworth and Timothy M. Jones. 2020. MuonTrap: Preventing cross-domain spectre-like attacks by capturing speculative state. In Proceedings of the ACM/IEEE 47th Annual International Symposium on Computer Architecture.IEEE, 132–144.

2. Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida Garcéa, and Nicola Tuveri. 2019. Port contention for fun and profit. In Proceedings of the 40th IEEE Symposium on Security and Privacy. IEEE, 870–887.

3. Jonathan Bachrach, Huy Vo, Brian Richards, Yunsup Lee, Andrew Waterman, Rimas Avižienis, John Wawrzynek, and Krste Asanović. 2012. Chisel: Constructing hardware in a scala embedded language. In Proceedings of the 49th Annual Design Automation Conference.IEEE, 1212–1221.

4. Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2021. CURE: A security architecture with CUstomizable and resilient enclaves. In Proceedings of the 30th USENIX Security Symposium.USENIX Association, 1073–1090.

5. Kristin Barber, Anys Bacha, Li Zhou, Yinqian Zhang, and Radu Teodorescu. 2019. Specshield: Shielding speculative data from microarchitectural covert channels. In Proceedings of the 28th International Conference on Parallel Architectures and Compilation Techniques. IEEE, 151–164.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. DPFCFI: A Hardware-Based Forward Control-Flow Integrity for Architecture and Microarchitecture;2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom);2023-12-21

2. Architectural Contracts for Safe Speculation;2023 IEEE 41st International Conference on Computer Design (ICCD);2023-11-06