Secure Speculation via Speculative Secret Flow Tracking  

作　　者：崔宏伟 杨春 程旭 Hong-Wei Cui;Chun Yang;Xu Cheng(School of Computer Science,Engineering Research Center of Microprocessor and System Peking University,Beijing 100871,China)

机构地区：[1]School of Computer Science,Engineering Research Center of Microprocessor and System Peking University,Beijing 100871,China

出　　处：《Journal of Computer Science & Technology》2023年第2期422-438,共17页计算机科学技术学报（英文版）

基　　金：supported by the Key-Area Research and Development Program of Guangdong Province of China under Grant No.2018B010115002.

摘　　要：Speculative execution attacks can leak arbitrary program data under malicious speculation,presenting a severe security threat.Based on two key observations,this paper presents a software-transparent defense mechanism called speculative secret flow tracking(SSFT),which is capable of defending against all cache-based speculative execution attacks with a low performance overhead.First,we observe that the attacker must use array or pointer variables in the victim code to access arbitrary memory data.Therefore,we propose a strict definition of secret data to reduce the amount of data to be protected.Second,if the load is not data-dependent and control-dependent on secrets,its speculative execution will not leak any secrets.Thus,this paper introduces the concept of speculative secret flow to analyze how secret data are obtained and propagated during speculative execution.By tracking speculative secret flow in hardware,SSFT can identify all unsafe speculative loads(USLs)that are dependent on secrets.Moreover,SSFT exploits three different methods to constrain USLs’speculative execution and prevent them from leaking secrets into the cache and translation lookaside buffer(TLB)states.This paper evaluates the performance of SSFT on the SPEC CPU 2006 workloads,and the results show that SSFT is effective and its performance overhead is very low.To defend against all speculative execution attack variants,SSFT only incurs an average slowdown of 4.5%(Delay USL-L1Miss)or 3.8%(Invisible USLs)compared to a non-secure processor.Our analysis also shows that SSFT maintains a low hardware overhead.

关 键 词：cache side channel attack HARDWARE speculative execution attack security 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]