Levioso: Efficient Compiler-Informed Secure Speculation
Article No.: 8, Pages 1 - 6
Abstract
Spectre-type attacks have exposed a major class of vulnerabilities arising from speculative execution of instructions, the main performance enabler of modern CPUs. These attacks speculatively leak secrets that have been either speculatively loaded (seen in sand-boxed programs) or non-speculatively loaded (seen in constant-time programs). Various hardware-only defenses have been proposed to mitigate both speculative and non-speculative secrets via all potential transmission channels. However, limited program knowledge is exposed to the hardware and these solutions conservatively restrict the execution of all instructions that can potentially leak.
In this work, we show that not all instructions depend on older unresolved branches and they can safely execute without leaking speculative information. We present Levioso, a novel hardware/-software co-design, that provides comprehensive secure speculation guarantees while reducing performance overhead compared to existing defenses. Levioso informs the hardware about true branch dependencies and applies restrictions only when necessary. Our evaluations demonstrate that Levioso is able to significantly reduce the performance overhead compared to two prior defenses from 51% and 43% to just 23%.
References
[1]
Pavlos Aimoniotis, et al. 2021. It's a Trap! - How speculation invariance can be abused with forward speculative interference. arXiv:cs.CR/2109.10774
[2]
Mohammad Behnia, et al. 2021. Speculative interference attacks: Breaking invisible speculation schemes. In ASPLOS 2021.
[3]
Atri Bhattacharyya, et al. 2019. SMoTherSpectre: Exploiting speculative execution through port contention. In CCS 2019.
[4]
Nathan Binkert, et al. 2011. The gem5 simulator. ACM SIGARCH Computer Architecture News (2011).
[5]
Thomas Bourgeat, et al. 2019. MI6: Secure enclaves in a speculative out-of-order processor. In MICRO 2019.
[6]
Guoxing Chen, et al. 2019. SgxPectre: Stealing Intel secrets from SGX enclaves via speculative execution. In EuroS&P 2019.
[7]
Yun Chen, et al. 2024. GadgetSpinner: A new transient execution primitive using the Loop Stream Detector. In HPCA 2024.
[8]
Rutvik Choudhary, et al. 2021. Speculative Privacy Tracking (SPT): Leaking information from speculative execution without compromising privacy. In MICRO 2021.
[9]
Ron Cytron, et al. 1989. An efficient method of computing static single assignment form. In POPL 1998.
[10]
Lesly-Ann Daniel, et al. 2023. ProSpeCT: Provably secure speculation for the constant-time policy. In USENIX Security 2023.
[11]
Deep Dive: CPUID enumeration and architectural MSRs 2023. https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/overview.html#MDS-CPUID.
[12]
Jacob Fustos, et al. 2019. SpectreGuard: An efficient data-centric defense mechanism against spectre attacks. In DAC 2019.
[13]
Ali Hajiabadi, et al. 2021. NOREBA: A compiler-informed non-speculative out-of-order commit processor. In ASPLOS 2021.
[14]
John L Henning. 2006. SPEC CPU2006 benchmark descriptions. ACM SIGARCH Computer Architecture News (2006).
[15]
Jann Horn. 2018. Speculative execution, variant 4: Speculative store bypass.
[16]
Intel, Indirect Branch Restricted Speculation 2018. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html.
[17]
Khaled N Khasawneh, et al. 2019. SafeSpec: Banishing the spectre of a meltdown with leakage-free speculation. In DAC 2019.
[18]
Paul Kocher, et al. 2019. Spectre Attacks: Exploiting speculative execution. In S&P 2019.
[19]
Esmaeil Mohammadian Koruyeh, et al. 2018. Spectre Returns! Speculation Attacks using the Return Stack Buffer. In USENIX WOOT 2018.
[20]
Chris Lattner et al. 2004. LLVM: A compilation framework for lifelong program analysis & transformation. In CGO 2004.
[21]
Mengming Li, et al. 2022. unXpec: Breaking undo-based safe speculation. In HPCA 2022.
[22]
Sheng Li, et al. 2013. The McPAT framework for multicore and manycore architectures: Simultaneously modeling power, area, and timing. TACO (2013).
[23]
Moritz Lipp, et al. 2018. Meltdown: Reading kernel memory from user space. In USENIX Security 2018.
[24]
Kevin Loughlin, et al. 2021. Dolma: Securing speculation with the principle of transient non-observability. In USENIX Security 2021.
[25]
Giorgi Maisuradze et al. 2018. ret2spec: Speculative execution using return stack buffers. In CCS 2018.
[26]
Daniel S McFarlin, et al. 2013. Discerning the dominant out-of-order performance advantage: Is it speculation or dynamism?. In ASPLOS 2013.
[27]
Hamza Omar et al. 2020. IRONHIDE: A secure multicore that efficiently mitigates microarchitecture state attacks for interactive applications. In HPCA 2020.
[28]
Arash Pashrashid, et al. 2023. HidFix: Efficient mitigation of cache-based Spectre attacks through hidden rollbacks. In ICCAD 2023.
[29]
Harish Patil, et al. 2021. ELFies: Executable region checkpoints for performance analysis and simulation. In CGO 2021.
[30]
Kim Phillip. 2022. LKML: [PATCH 0/3] x86/speculation: Support Automatic IBRS. (2022).
[31]
Gururaj Saileshwar et al. 2019. Cleanupspec: An "undo" approach to safe speculation. In MICRO 2019.
[32]
Christos Sakalis, et al. 2019. Efficient invisible speculative execution through selective delay and value prediction. In ISCA 2019.
[33]
Michael Schwarz, et al. 2020. ConTExT: A generic approach for mitigating Spectre. In NDSS 2020.
[34]
Michael Schwarz, et al. 2018. NetSpectre: Read arbitrary memory over network. CoRR abs/1807.10535 (2018).
[35]
Ofir Weisse, et al. 2019. NDA: Preventing speculative execution attacks at their source. In MICRO 2019.
[36]
Mengjia Yan, et al. 2018. Invisispec: Making speculative execution invisible in the cache hierarchy. In MICRO 2018.
[37]
Yuval Yarom et al. 2014. Flush+Reload: A high resolution, low noise, L3 cache Side-Channel attack. In USENIX Security 2014.
[38]
Jiyong Yu, et al. 2020. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution. In ISCA 2020.
[39]
Jiyong Yu, et al. 2019. Speculative Taint Tracking (STT): A comprehensive protection for speculatively accessed data. In MICRO 2019.
[40]
Zirui Neil Zhao, et al. 2020. Speculation invariance (InvarSpec): Faster safe execution through program analysis. In MICRO 2020.
Index Terms
- Levioso: Efficient Compiler-Informed Secure Speculation
Index terms have been assigned to the content through auto-classification.
Recommendations
Enabling Efficient Alias Speculation
LCTES'15: Proceedings of the 16th ACM SIGPLAN/SIGBED Conference on Languages, Compilers and Tools for Embedded Systems 2015 CD-ROMMicroprocessors designed using HW/SW codesign principles, such as Transmeta™ Efficeon™ and the soon-to-ship NVIDIA 64-bit Tegra® K1, use dynamic binary optimization to extract instruction-level parallelism. Many code optimizations are made significantly ...
Comments
Information & Contributors
Information
Published In
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2024
Check for updates
Qualifiers
- Research-article
Conference
DAC '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,770 of 5,499 submissions, 32%
Upcoming Conference
DAC '25
- Sponsor:
- sigda
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 58Total Downloads
- Downloads (Last 12 months)58
- Downloads (Last 6 weeks)58
Reflects downloads up to 25 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in