InvisiSpec making speculative execution invisible in the cache hierarchy

Hardware speculation offers a major surface for micro-architectural covert and side channel attacks. Unfortunately, defending against speculative execution attacks is challenging. The reason is that speculations destined to be squashed execute incorrect instructions, outside the scope of what progra...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2018 51st Annual IEEE ACM International Symposium on Microarchitecture (MICRO) s. 428 - 441
Hlavní autoři: Yan, Mengjia, Choi, Jiho, Skarlatos, Dimitrios, Morrison, Adam, Fletcher, Christopher W., Torrellas, Josep
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: Piscataway, NJ, USA IEEE Press 01.10.2018
IEEE
Edice:ACM Conferences
Témata:
Coherence
General and reference
General and reference > Cross-computing tools and techniques
General and reference > Cross-computing tools and techniques > Performance
Hardware
hardware security
Load modeling
memory hierarchy
Monitoring
Receivers
Security
side channel
speculation
Transient analysis
ISBN:9781538662403, 153866240X
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Hardware speculation offers a major surface for micro-architectural covert and side channel attacks. Unfortunately, defending against speculative execution attacks is challenging. The reason is that speculations destined to be squashed execute incorrect instructions, outside the scope of what programmers and compilers reason about. Further, any change to micro-architectural state made by speculative execution can leak information. In this paper, we propose InvisiSpec, a novel strategy to defend against hardware speculation attacks in multiprocessors by making speculation invisible in the data cache hierarchy. InvisiSpec blocks micro-architectural covert and side channels through the multiprocessor data cache hierarchy due to speculative loads. In InvisiSpec, unsafe speculative loads read data into a speculative buffer, without modifying the cache hierarchy. When the loads become safe, InvisiSpec makes them visible to the rest of the system. InvisiSpec identifies loads that might have violated memory consistency and, at this time, forces them to perform a validation step. We propose two InvisiSpec designs: one to defend against Spectre-like attacks and another to defend against futuristic attacks, where any speculative load may pose a threat. Our simulations with 23 SPEC and 10 PARSEC workloads show that InvisiSpec is effective. Under TSO, using fences to defend against Spectre attacks slows down execution by 74% relative to a conventional, insecure processor; InvisiSpec reduces the execution slowdown to only 21%. Using fences to defend against futuristic attacks slows down execution by 208%; InvisiSpec reduces the slowdown to 72%.
ISBN:9781538662403
153866240X
DOI:10.1109/MICRO.2018.00042