DOI: 10.1145/3214292.3214300

Position Paper: A case for exposing extra-architectural state in the ISA

Published: 02 June 2018

Abstract

The recent Meltdown and Spectre attacks took the community by surprise. Rather than exploiting an incorrect implementation of the ISA, these attacks leverage the undocumented implementation-specific speculation behavior of high-performance microarchitectures to affect the extra-architectural state of the machine (e.g., caches).
Inspired by these novel speculation-based attacks, we argue it is time to rethink the traditional ISA layers. Programmers and security professionals need a framework to reason about the effects of speculation and other microarchitectural performance optimizations. We propose judiciously extending the ISA to include the extra-architectural state so that an ISA implementation either completely squashes all system state changes caused by mis-speculated instructions or the potential changes are rigorously documented. We hope this new framework will give architects and security researchers tools to reduce the likelihood of future surprise vulnerabilities.
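The contrast the abstract draws, as an added example that is not part of the paper: a small Python model of a processor whose cache is extra-architectural state, run under the two contracts the authors describe. Under a "squash_all" contract a mis-speculated bounds-check bypass (the public Spectre v1 gadget shape) leaves no trace in the cache; under a "leak" contract the touched line survives and a Flush+Reload-style probe reads the out-of-bounds byte back. The class and function names, the policy names, the memory layout and the 0x42 secret byte are all constructed for this example; no real hardware is modelled.

```python
# Added example, not code from the paper: a toy model of a CPU whose cache is
# extra-architectural state. It contrasts the two speculation contracts the
# abstract proposes an ISA could specify: every mis-speculated state change is
# squashed, or the changes persist and are documented. Class and function
# names, the memory layout and the 0x42 "secret" are all constructed here.
from dataclasses import dataclass, field
from typing import Callable, Optional

LINE = 64      # bytes per cache line (assumed)
STRIDE = 512   # probe spacing: one distinct line per byte value, as in the public Spectre v1 gadget

# What the ISA would document for each contract (hypothetical wording).
CONTRACTS = {
    "squash_all": "mis-speculated instructions leave no trace in the cache",
    "leak": "mis-speculated loads may allocate cache lines; assume they do",
}


@dataclass
class Cache:
    """Extra-architectural state: the set of line numbers currently resident."""
    lines: set = field(default_factory=set)

    def touch(self, addr: int) -> None:
        self.lines.add(addr // LINE)

    def is_cached(self, addr: int) -> bool:
        return addr // LINE in self.lines


@dataclass
class SpecMachine:
    """Memory plus a cache; `policy` selects which contract the hardware honours."""
    mem: bytearray
    policy: str
    cache: Cache = field(default_factory=Cache)

    def load(self, addr: int) -> int:
        self.cache.touch(addr)      # every load, speculative or not, fills a line
        return self.mem[addr]

    def speculate(self, body: Callable[[], object]) -> None:
        """Execute `body` down a mispredicted path, then squash it.
        Architectural results are always discarded; whether the cache is
        rolled back depends on the contract."""
        if self.policy not in CONTRACTS:
            raise ValueError(f"unknown policy {self.policy!r}")
        snapshot = set(self.cache.lines)
        try:
            body()
        except IndexError:
            pass                    # a faulting speculative load is suppressed, not delivered
        if self.policy == "squash_all":
            self.cache.lines = snapshot


def run_gadget(m: SpecMachine, layout: dict, x: int) -> Optional[int]:
    """Bounds-check-then-index gadget (the Spectre v1 shape). The predictor is
    assumed to have been trained on in-bounds x, so the body runs before the
    comparison resolves."""
    def body() -> int:
        secret = m.load(layout["array1"] + x)
        return m.load(layout["array2"] + secret * STRIDE)

    if x < layout["array1_size"]:
        return body()               # prediction correct: result is architectural
    m.speculate(body)               # prediction wrong: result squashed
    return None


def probe(m: SpecMachine, array2: int) -> Optional[int]:
    """Flush+Reload-style observer: which probe line did the victim touch?"""
    hits = [g for g in range(256) if m.cache.is_cached(array2 + g * STRIDE)]
    return hits[0] if len(hits) == 1 else None


def recover_byte(policy: str) -> Optional[int]:
    """Run the gadget with an out-of-bounds index under `policy` and report
    what the cache reveals. Layout and secret are constructed sample data."""
    layout = {"array1": 0, "array1_size": 16, "array2": 4096}
    mem = bytearray(layout["array2"] + 256 * STRIDE)
    secret_addr = 256               # past array1's 16 bytes, inside memory
    mem[secret_addr] = 0x42
    m = SpecMachine(mem, policy)
    run_gadget(m, layout, secret_addr - layout["array1"])   # architecturally returns None
    return probe(m, layout["array2"])


if __name__ == "__main__":
    for policy, text in CONTRACTS.items():
        print(f"{policy:11s} ({text}): recovered {recover_byte(policy)!r}")
```

Running the file prints the byte recovered under each contract: 0x42 under "leak", nothing under "squash_all". The point the model makes is the one the abstract argues: once the cache is named in the ISA contract, whether this gadget leaks is a stated property of the policy rather than an undocumented property of one implementation, and a checker shaped like the probe here can test an implementation against that statement.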




Published In

HASP '18: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy
June 2018, 84 pages
ISBN: 978-1-4503-6500-0
DOI: 10.1145/3214292
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. ISA
  2. security
  3. speculation

Qualifiers

  • Research-article

Conference

HASP '18

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%


Cited By

  • (2024) Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs. 2024 IEEE Symposium on Security and Privacy (SP), 3697-3715. DOI: 10.1109/SP54263.2024.00047. Published 19 May 2024.
  • (2023) SoK: Analysis of Root Causes and Defense Strategies for Attacks on Microarchitectural Optimizations. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), 631-650. DOI: 10.1109/EuroSP57164.2023.00044. Published July 2023.
  • (2020) A Platform for Full-Stack Functional Programming. 2020 IEEE International Symposium on Circuits and Systems (ISCAS), 1-5. DOI: 10.1109/ISCAS45731.2020.9180772. Published October 2020.
  • (2019) Model-Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification. Electronics 8(9), 1057. DOI: 10.3390/electronics8091057. Published 19 September 2019.
  • (2019) Speculator. Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC), 747-761. DOI: 10.1145/3359789.3359837. Published 9 December 2019.
  • (2019) Context-Sensitive Fencing. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 395-410. DOI: 10.1145/3297858.3304060. Published 4 April 2019.
  • (2019) An Ontology-Based Method for HW/SW Architecture Reconstruction. IEEE Transactions on Computers 68(7), 1007-1018. DOI: 10.1109/TC.2019.2895329. Published 1 July 2019.
  • (2019) Model Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification. Codes, Cryptology and Information Security, 462-479. DOI: 10.1007/978-3-030-16458-4_27. Published 28 March 2019.
