skip to main content
10.1145/3649329.3655894acmconferencesArticle/Chapter ViewAbstractPublication PagesdacConference Proceedingsconference-collections
research-article
Open access

Levioso: Efficient Compiler-Informed Secure Speculation

Published: 07 November 2024 Publication History

Abstract

Spectre-type attacks have exposed a major class of vulnerabilities arising from speculative execution of instructions, the main performance enabler of modern CPUs. These attacks speculatively leak secrets that have been either speculatively loaded (seen in sand-boxed programs) or non-speculatively loaded (seen in constant-time programs). Various hardware-only defenses have been proposed to mitigate both speculative and non-speculative secrets via all potential transmission channels. However, limited program knowledge is exposed to the hardware and these solutions conservatively restrict the execution of all instructions that can potentially leak.
In this work, we show that not all instructions depend on older unresolved branches and they can safely execute without leaking speculative information. We present Levioso, a novel hardware/-software co-design, that provides comprehensive secure speculation guarantees while reducing performance overhead compared to existing defenses. Levioso informs the hardware about true branch dependencies and applies restrictions only when necessary. Our evaluations demonstrate that Levioso is able to significantly reduce the performance overhead compared to two prior defenses from 51% and 43% to just 23%.

References

[1]
Pavlos Aimoniotis, et al. 2021. It's a Trap! - How speculation invariance can be abused with forward speculative interference. arXiv:cs.CR/2109.10774
[2]
Mohammad Behnia, et al. 2021. Speculative interference attacks: Breaking invisible speculation schemes. In ASPLOS 2021.
[3]
Atri Bhattacharyya, et al. 2019. SMoTherSpectre: Exploiting speculative execution through port contention. In CCS 2019.
[4]
Nathan Binkert, et al. 2011. The gem5 simulator. ACM SIGARCH Computer Architecture News (2011).
[5]
Thomas Bourgeat, et al. 2019. MI6: Secure enclaves in a speculative out-of-order processor. In MICRO 2019.
[6]
Guoxing Chen, et al. 2019. SgxPectre: Stealing Intel secrets from SGX enclaves via speculative execution. In EuroS&P 2019.
[7]
Yun Chen, et al. 2024. GadgetSpinner: A new transient execution primitive using the Loop Stream Detector. In HPCA 2024.
[8]
Rutvik Choudhary, et al. 2021. Speculative Privacy Tracking (SPT): Leaking information from speculative execution without compromising privacy. In MICRO 2021.
[9]
Ron Cytron, et al. 1989. An efficient method of computing static single assignment form. In POPL 1998.
[10]
Lesly-Ann Daniel, et al. 2023. ProSpeCT: Provably secure speculation for the constant-time policy. In USENIX Security 2023.
[11]
Deep Dive: CPUID enumeration and architectural MSRs 2023. https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/overview.html#MDS-CPUID.
[12]
Jacob Fustos, et al. 2019. SpectreGuard: An efficient data-centric defense mechanism against spectre attacks. In DAC 2019.
[13]
Ali Hajiabadi, et al. 2021. NOREBA: A compiler-informed non-speculative out-of-order commit processor. In ASPLOS 2021.
[14]
John L Henning. 2006. SPEC CPU2006 benchmark descriptions. ACM SIGARCH Computer Architecture News (2006).
[15]
Jann Horn. 2018. Speculative execution, variant 4: Speculative store bypass.
[16]
Intel, Indirect Branch Restricted Speculation 2018. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html.
[17]
Khaled N Khasawneh, et al. 2019. SafeSpec: Banishing the spectre of a meltdown with leakage-free speculation. In DAC 2019.
[18]
Paul Kocher, et al. 2019. Spectre Attacks: Exploiting speculative execution. In S&P 2019.
[19]
Esmaeil Mohammadian Koruyeh, et al. 2018. Spectre Returns! Speculation Attacks using the Return Stack Buffer. In USENIX WOOT 2018.
[20]
Chris Lattner et al. 2004. LLVM: A compilation framework for lifelong program analysis & transformation. In CGO 2004.
[21]
Mengming Li, et al. 2022. unXpec: Breaking undo-based safe speculation. In HPCA 2022.
[22]
Sheng Li, et al. 2013. The McPAT framework for multicore and manycore architectures: Simultaneously modeling power, area, and timing. TACO (2013).
[23]
Moritz Lipp, et al. 2018. Meltdown: Reading kernel memory from user space. In USENIX Security 2018.
[24]
Kevin Loughlin, et al. 2021. Dolma: Securing speculation with the principle of transient non-observability. In USENIX Security 2021.
[25]
Giorgi Maisuradze et al. 2018. ret2spec: Speculative execution using return stack buffers. In CCS 2018.
[26]
Daniel S McFarlin, et al. 2013. Discerning the dominant out-of-order performance advantage: Is it speculation or dynamism?. In ASPLOS 2013.
[27]
Hamza Omar et al. 2020. IRONHIDE: A secure multicore that efficiently mitigates microarchitecture state attacks for interactive applications. In HPCA 2020.
[28]
Arash Pashrashid, et al. 2023. HidFix: Efficient mitigation of cache-based Spectre attacks through hidden rollbacks. In ICCAD 2023.
[29]
Harish Patil, et al. 2021. ELFies: Executable region checkpoints for performance analysis and simulation. In CGO 2021.
[30]
Kim Phillip. 2022. LKML: [PATCH 0/3] x86/speculation: Support Automatic IBRS. (2022).
[31]
Gururaj Saileshwar et al. 2019. Cleanupspec: An "undo" approach to safe speculation. In MICRO 2019.
[32]
Christos Sakalis, et al. 2019. Efficient invisible speculative execution through selective delay and value prediction. In ISCA 2019.
[33]
Michael Schwarz, et al. 2020. ConTExT: A generic approach for mitigating Spectre. In NDSS 2020.
[34]
Michael Schwarz, et al. 2018. NetSpectre: Read arbitrary memory over network. CoRR abs/1807.10535 (2018).
[35]
Ofir Weisse, et al. 2019. NDA: Preventing speculative execution attacks at their source. In MICRO 2019.
[36]
Mengjia Yan, et al. 2018. Invisispec: Making speculative execution invisible in the cache hierarchy. In MICRO 2018.
[37]
Yuval Yarom et al. 2014. Flush+Reload: A high resolution, low noise, L3 cache Side-Channel attack. In USENIX Security 2014.
[38]
Jiyong Yu, et al. 2020. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution. In ISCA 2020.
[39]
Jiyong Yu, et al. 2019. Speculative Taint Tracking (STT): A comprehensive protection for speculatively accessed data. In MICRO 2019.
[40]
Zirui Neil Zhao, et al. 2020. Speculation invariance (InvarSpec): Faster safe execution through program analysis. In MICRO 2020.

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
DAC '24: Proceedings of the 61st ACM/IEEE Design Automation Conference
June 2024
2159 pages
ISBN:9798400706011
DOI:10.1145/3649329
This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2024

Check for updates

Qualifiers

  • Research-article

Conference

DAC '24
Sponsor:
DAC '24: 61st ACM/IEEE Design Automation Conference
June 23 - 27, 2024
CA, San Francisco, USA

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25
62nd ACM/IEEE Design Automation Conference
June 22 - 26, 2025
San Francisco , CA , USA

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 58
    Total Downloads
  • Downloads (Last 12 months)58
  • Downloads (Last 6 weeks)58
Reflects downloads up to 25 Dec 2024

Other Metrics

Citations

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media