Speculative Interference Attacks: Breaking Invisible Speculation Schemes

Behnia, Mohammad; Sahu, Prateek; Paccagnella, Riccardo; Yu, Jun; Zhao, Zongbin; Zhang, Xiang; Unterluggauer, Thomas; Torrellas, Josep; Rozas, Carlos; Morrison, Adam; Mckeen, Frank; Liu, Fangfei; Gabor, Ron; Fletcher, Christopher W.; Basak, Abhishek; Alameldeen, Alaa R.

doi:10.48550/arxiv.2007.11818

Cited by 1 publication

(1 citation statement)

References 34 publications

(98 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since SPECBOX prevents the unsafe speculative modification of such metadata like other works, and carefully extends the cache without introducing new attack surface. SPECBOX can also be used to defend against the metadata attacks, such as Speculative Interference [5]. VII.…”

Section: Security Analysismentioning

confidence: 99%

SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks

Tang¹,

Wu²,

Wang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Speculative execution techniques have been a cornerstone of modern processors to improve instruction-level parallelism. However, recent studies showed that this kind of techniques could be exploited by attackers to leak secret data via transient execution attacks, such as Spectre. Many defenses are proposed to address this problem, but they all face various challenges: (1) Tracking data flow in the instruction pipeline could comprehensively address this problem, but it could cause pipeline stalls and incur high performance overhead; (2) Making side effect of speculative execution imperceptible to attackers, but it often needs additional storage components and complicated data movement operations. In this paper, we propose a label-based transparent speculation scheme called SPECBOX. It dynamically partitions the cache system to isolate speculative data and nonspeculative data, which can prevent transient execution from being observed by subsequent execution. Moreover, it uses thread ownership semaphores to prevent speculative data from being accessed across cores. In addition, SPECBOX also enhances the auxiliary components in the cache system against transient execution attacks, such as hardware prefetcher. Our security analysis shows that SPECBOX is secure and the performance evaluation shows that the performance overhead on SPEC CPU 2006 and PARSEC-3.0 benchmarks is small.

show abstract

Section: Security Analysismentioning

confidence: 99%