ABSTRACT
Speculative execution attacks such as Spectre and Meltdown exploit the wrong execution path to leak private data. In current state-of-the-art defense strategies, executions of all memory accesses that use speculatively-loaded addresses are blocked, resulting in high overhead. Our key observation is that these blocked memory accesses can be executed without operand-dependent hardware resource usage through value prediction. Therefore, we propose a novel hardware defense framework, named Speculative Value Prediction (SVP), to safely and efficiently execute the potentially unsafe memory accesses earlier. We build SVP on the cycle-accurate Gem5 simulator, and its performance improvement is positively correlated with the coverage of value predictors. Experiments show that when using the value predictor with 30%/60%/100% coverage, SVP outperforms the state-of-the-art defense mechanism STT in the Spectre model by 21.5%/50.3%/107.7%, respectively, and in the Futuristic model by 28.7%/55.4%/105.7%, respectively.