Cui HW, Yang C, Cheng X. Secure speculation via speculative secret flow tracking. JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 38(2): 422–438 Mar. 2023. DOI: 10.1007/s11390-021-1249-4.

Secure Speculation via Speculative Secret Flow Tracking

Speculative execution attacks can leak arbitrary program data under malicious speculation, presenting a severe security threat. Based on two key observations, this paper presents a software-transparent defense mechanism called speculative secret flow tracking (SSFT), which defends against all cache-based speculative execution attacks at low performance overhead. First, we observe that an attacker must go through array or pointer variables in the victim code to reach arbitrary memory data; we therefore propose a strict definition of secret data that reduces the amount of data to be protected. Second, a load that is neither data-dependent nor control-dependent on secrets cannot leak any secret when it executes speculatively. This paper therefore introduces the concept of speculative secret flow to analyze how secret data are obtained and propagated during speculative execution. By tracking speculative secret flow in hardware, SSFT identifies all unsafe speculative loads (USLs), i.e., loads that depend on secrets, and uses three different methods to constrain their speculative execution so that they cannot leak secrets into the cache and translation lookaside buffer (TLB) state. We evaluate SSFT on the SPEC CPU 2006 workloads; the results show that it is effective and that its performance overhead is very low. To defend against all speculative execution attack variants, SSFT incurs an average slowdown of only 4.5% (Delay USL-L1Miss) or 3.8% (Invisible USLs) relative to a non-secure processor. Our analysis also shows that SSFT has a low hardware overhead.
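The two observations in the abstract, as an added toy model written for this page (not the paper's hardware design and not code from the authors): a register-level taint tracker that walks one speculative window, marks data returned by array/pointer loads executed under speculation as secret, propagates that taint through arithmetic and branch conditions, and flags every later load whose address or control path depends on it as an unsafe speculative load (USL). Everything concrete here is an assumption: the three-instruction toy ISA (`ld`, `alu`, `br`), the rule that every array/pointer load under speculation yields secret data, the constructed gadget windows, and a single "delay all USLs until the branch resolves" policy that stands in for the paper's three constraint mechanisms, whose details are not on this page.

```python
"""Toy model of speculative secret flow tracking over one speculative window.

Constructed illustration of the SSFT idea, not the paper's hardware design.
Instruction names, fields and the delay policy are assumptions made here.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Insn:
    op: str                     # "ld" | "alu" | "br"  (assumed toy ISA)
    dst: str = ""               # destination register for ld/alu
    srcs: Tuple[str, ...] = ()  # ld: (base, index); alu: operands; br: (cond,)


@dataclass
class Report:
    usl: List[int] = field(default_factory=list)         # indices of unsafe speculative loads
    safe_loads: List[int] = field(default_factory=list)  # loads that may execute speculatively
    reason: Dict[int, str] = field(default_factory=dict)


def track_window(window: List[Insn], initially_secret: Tuple[str, ...] = ()) -> Report:
    """Walk the instructions between a predicted branch and its resolution."""
    secret: Dict[str, bool] = {r: True for r in initially_secret}
    ctrl_secret = False  # set once a branch inside the window depends on a secret
    rep = Report()
    for pc, insn in enumerate(window):
        tainted = [r for r in insn.srcs if secret.get(r, False)]
        if insn.op == "ld":
            if tainted:
                rep.usl.append(pc)
                rep.reason[pc] = f"address data-dependent on secret {tainted}"
            elif ctrl_secret:
                rep.usl.append(pc)
                rep.reason[pc] = "control-dependent on a secret branch condition"
            else:
                rep.safe_loads.append(pc)
            # Strict secret definition (assumed reading of the abstract): data reached
            # through an array/pointer access under speculation is treated as secret.
            secret[insn.dst] = True
        elif insn.op == "alu":
            secret[insn.dst] = bool(tainted)  # taint propagates through arithmetic
        elif insn.op == "br":
            if tainted:
                ctrl_secret = True  # later instructions are control-dependent on a secret
        else:
            raise ValueError(f"unknown op {insn.op!r}")
    return rep


def delay_usls(window: List[Insn]) -> Tuple[List[int], List[int]]:
    """Simplest constraint (assumption): non-USL instructions issue inside the
    window in program order; USLs wait until the branch resolves."""
    rep = track_window(window)
    issue_now = [pc for pc in range(len(window)) if pc not in rep.usl]
    return issue_now, list(rep.usl)


# Constructed windows. Classic bounds-check-bypass gadget after `if (x < size)`
# mispredicts:   y = array1[x];  z = array2[y * 512];
SPECTRE_V1 = [
    Insn("ld", "y", ("array1", "x")),   # pc 0: attacker-indexed load; y becomes secret
    Insn("alu", "t", ("y", "stride")),  # pc 1: t = y * 512, taint propagates
    Insn("ld", "z", ("array2", "t")),   # pc 2: address depends on secret -> USL
]
# Control-dependent variant:  y = array1[x]; if (y & 1) z = array2[0];
CTRL_VARIANT = [
    Insn("ld", "y", ("array1", "x")),
    Insn("alu", "c", ("y",)),
    Insn("br", srcs=("c",)),
    Insn("ld", "z", ("array2", "zero")),  # fixed address, but secret chooses whether it runs -> USL
]
# Benign window: two loads whose addresses never depend on a secret.
BENIGN = [
    Insn("ld", "a", ("array3", "i")),
    Insn("ld", "b", ("array4", "j")),
]

if __name__ == "__main__":
    for name, window in [("spectre_v1", SPECTRE_V1), ("ctrl_variant", CTRL_VARIANT), ("benign", BENIGN)]:
        rep = track_window(window)
        print(name, "safe:", rep.safe_loads, "USL:", rep.usl, rep.reason)
        print("  issue now:", delay_usls(window)[0], "deferred:", delay_usls(window)[1])
```

The point worth noticing when this runs: in the classic gadget the first, attacker-indexed load is allowed to execute speculatively (it obtains the secret but does not leak it), and only the second, secret-dependent load is deferred; in the control-dependent variant a constant-address load is still a USL because the secret decides whether it executes. Letting every load that is independent of secrets proceed is what keeps the overhead of this kind of tracking small.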