Survey on Security Researches of Processor’s Microarchitecture (处理器微体系结构安全研究综述)

Cited by: 4


Authors: 尹嘉伟 (YIN Jiawei); 李孟豪 (LI Menghao); 霍玮 (HUO Wei) [1,2,3,4]

Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; [2] Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195, China; [3] Beijing Key Laboratory of Network Security and Protection Technology, Beijing 100195, China; [4] School of CyberSpace Security, University of Chinese Academy of Sciences, Beijing 100049, China

Source: Journal of Cyber Security (《信息安全学报》), 2022, No. 4, pp. 17-31 (15 pages)

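Funding: Supported in part by the National Natural Science Foundation of China (No. 61602470, No. 61702508, No. 61802394, No. U1836209, No. 62032010); the National Key Research and Development Program of China (No. 2016QY071405); and the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC02040100, No. XDC02030200, No. XDC02020200).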

Abstract: In the CPU instruction pipeline, caching structures such as the Cache and TLB, which are added to improve the execution efficiency of computer systems, are shared by different processes. The sharing of these caching structures and the related execution units between processes breaks, to some extent, the security boundary that computer systems implement through memory isolation, which in turn breaks the confidentiality and integrity of the system. The disclosure of vulnerabilities such as Spectre and Meltdown further shows that the performance optimizations used in processor micro-architecture, such as out-of-order execution, branch prediction and speculative execution, have serious security flaws whose potential threat extends to the entire computer industry ecosystem. However, no mature research framework has yet been established for the security analysis of micro-architecture. Although there are fairly mature methods and tools for vulnerability detection and security protection of operating system kernels and upper-layer applications, they cannot be applied directly to detecting micro-architecture vulnerabilities. Once a vulnerability appears in a micro-architecture, its harm is more widespread and it is difficult to fix. In addition, because processor vendors (e.g., Intel, AMD, and ARM) do not publish the implementation details of their micro-architectures, the micro-architecture remains a black box for security researchers, and tools to assist the analysis are lacking. This also makes security analysis of micro-architecture very difficult. Therefore, this paper starts from the security threats in current processor micro-architecture design, analyzes the main design causes of the vulnerabilities, classifies and summarizes seven mainstream attack methods against existing processor micro-architectures, analyzes and compares the protection methods and practical effectiveness of 10 existing software and hardware defense mechanisms, and further discusses research directions and development trends in processor micro-architecture security in terms of vulnerability research methods, vulnerability protection and secure design.

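Keywords: processor micro-architecture security; micro-instruction set vulnerabilities; information leakage; side-channel attacks; defense techniques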

Classification: TP309.7 [Automation and Computer Technology: Computer System Architecture]

 
