Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution Against Spectre Attacks

Li, Peinan; Zhao, Lutan; Hou, Rui; Zhang, Lixin; Meng, Dan

doi:10.1109/hpca.2019.00043

Cited by 73 publications

(67 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proposals from the computer architecture research community mitigate speculative execution attacks with more dramatic revision on the micro-architectural level [2,4,6,9,10,15,21,22,26,34,35,38,43,46,[48][49][50]. While these approaches may be efficient in addressing the targeted problems, however, it may take a longer time before these academic proposals can be adopted by the industry.…”

Section: Related Workmentioning

confidence: 99%

Specularizer : Detecting Speculative Execution Attacks via Performance Tracing

Wang

Chen

Cheng³

et al. 2021

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

This paper presents Specularizer, a framework for uncovering speculative execution attacks using performance tracing features available in commodity processors. It is motivated by the practical difficulty of eradicating such vulnerabilities in the design of CPU hardware and operating systems and the principle of defense-in-depth. The key idea of Specularizer is the use of Hardware Performance Counters and Processor Trace to perform lightweight monitoring of production applications and the use of machine learning techniques for identifying the occurrence of the attacks during offline forensics analysis. Different from prior works that use performance counters to detect side-channel attacks, Specularizer monitors triggers of the critical paths of the speculative execution attacks, thus making the detection mechanisms robust to different choices of side channels used in the attacks. To evaluate Specularizer, we model all known types of exception-based and misprediction-based speculative execution attacks and automatically generate thousands of attack variants. Experimental results show that Specularizer yields superior detection accuracy and the online tracing of Specularizer incur reasonable overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Specularizer : Detecting Speculative Execution Attacks via Performance Tracing

Wang

Chen

Cheng³

et al. 2021

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

show abstract

“…Our current work, delay-on-miss [12], delays all speculative loads until they are certain to be retired (Section 5). Conditional Speculation [18], NDA [19], Speculative Taint Tracking (STT) [20], SpectreGuard [21], and Context [22] keep track of the flow of information during execution and prevent any speculatively loaded data from being used by any "unsafe" instruction. The advantage of such solutions is that the changes required are mostly isolated in the core, instead of being pervasive in the whole memory hierarchy and the coherence protocol.…”

Section: The State-of-the-artmentioning

confidence: 99%

Understanding Selective Delay as a Method for Efficient Secure Speculative Execution

Sakalis

Ros

Jimborean

et al. 2020

IEEE Trans. Comput.

View full text Add to dashboard Cite

Since the introduction of Meltdown and Spectre, the research community has been tirelessly working on speculative side-channel attacks and on how to shield computer systems from them. To ensure that a system is protected not only from all the currently known attacks but also from future, yet to be discovered, attacks, the solutions developed need to be general in nature, covering a wide array of system components, while at the same time keeping the performance, energy, area, and implementation complexity costs at a minimum. One such solution is our own delay-on-miss, which efficiently protects the memory hierarchy by i) selectively delaying speculative load instructions and ii) utilizing value prediction as an invisible form of speculation. In this work we dive deeper into delay-on-miss, offering insights into why and how it affects the performance of the system. We also reevaluate value prediction as an invisible form of speculation. Specifically, we focus on the implications that delaying memory loads has in the memory level parallelism of the system and how this affects the value predictor and the overall performance of the system. We present new, updated results but more importantly, we also offer deeper insight into why delay-on-miss works so well and what this means for the future of secure speculative execution.

show abstract

“…KAISER [11] protects against Meltdown by enforcing strict user and kernel space isolation but is ineffective against Spectre. Other software-based mitigations [8,20,32] propose annotationbased mechanisms for protecting secret data, as an effort to reduce the overhead, but require additional hardware, compiler, and OS support.…”

Section: Related Workmentioning

confidence: 99%

“…(2) Delaying speculative execution until speculation can be resolved. Solutions such as Delay-on-Miss [30], Conditional Speculation [20], SpectreGuard [8], NDA [37], and Speculative Taint Tracking (STT) [40,41] selectively delay instructions when they might be used to leak information. Some, such as Conditional Speculation and SpectreGuard, only try to protect data marked by the user as sensitive, while others, such as Delay-on-Miss, work on all data.…”

Section: Related Workmentioning

confidence: 99%

Clearing the Shadows

Tran

Sakalis

Själander

et al. 2020

Proceedings of the ACM International Conference on Parallel Architectures and Compilation Techniques

View full text Add to dashboard Cite

Out-of-order processors heavily rely on speculation to achieve high performance, allowing instructions to bypass other slower instructions in order to fully utilize the processor's resources. Speculatively executed instructions do not affect the correctness of the application, as they never change the architectural state, but they do affect the micro-architectural behavior of the system. Until recently, these changes were considered to be safe but with the discovery of new security attacks that misuse speculative execution to leak secrete information through observable micro-architectural changes (so called side-channels), this is no longer the case. To solve this issue, a wave of software and hardware mitigations have been proposed, the majority of which delay and/or hide speculative execution until it is deemed to be safe, trading performance for security. These newly enforced restrictions change how speculation is applied and where the performance bottlenecks appear, forcing us to rethink how we design and optimize both the hardware and the software. We observe that many of the state-of-the-art hardware solutions targeting memory systems operate on a common scheme: the visible execution of loads or their dependents is blocked until they become safe to execute. In this work we propose a generally applicable hardware-software extension that focuses on removing the causes of loads' unsafety, generally caused by control and memory dependence speculation. As a result, we manage to make more loads safe to execute at an early stage, which enables us to schedule more loads at a time to overlap their delays and improve performance. We apply our techniques on the state-of-the-art Delay-on-Miss hardware defense and show that we reduce the performance gap to the unsafe baseline by 53% (on average).

show abstract

Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution Against Spectre Attacks

Cited by 73 publications

References 16 publications

Specularizer : Detecting Speculative Execution Attacks via Performance Tracing

Specularizer : Detecting Speculative Execution Attacks via Performance Tracing

Understanding Selective Delay as a Method for Efficient Secure Speculative Execution

Clearing the Shadows

Contact Info

Product

Resources

About