BRB: Mitigating Branch Predictor Side-Channels

Vougioukas, Ilias; Nikoleris, Nikos; Sandberg, Andreas; Diestelhorst, Stephan; Al-Hashimi, Bashir M.; Merrett, Geoff V.

doi:10.1109/hpca.2019.00058

Cited by 25 publications

(13 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-BRB: No encryption. Although the original BRB mechanism [43] replicates only directional predictors (bimodal and TAGE), we can apply a retention buffer to the BTB as well. As shown in Table 3 Note that we do not assume any specific epoch length, but try to show the performance impact of different epoch lengths.…”

Section: Resultsmentioning

confidence: 99%

“…6.2.6 Checkpoint. BRB [43] is the state-of-the-art branch predictor side-channel mitigation. BRB maintains a small checkpoint (1.5 to 3KB) of branch predictor states for each context upon context switches and restores it once the context becomes active.…”

Section: Encryption Scattercachementioning

confidence: 99%

“…-We propose an efficient bank-level-parallelism-aware set update mechanism to update branch predictor entries upon key changes. -We compare our mechanism against the Branch Retention Buffer (BRB) [43], the state-ofthe-art branch predictor side-channel mitigation, and our mechanism significantly outperforms BRB with much smaller hardware overhead. -Our update mechanism has negligible performance degradation while providing a more secure branch prediction even with a very short epoch length.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Securing Branch Predictors with Two-Level Encryption

Lee

Ishíi

Sunwoo

2020

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

Modern processors rely on various speculative mechanisms to meet performance demand. Branch predictors are one of the most important micro-architecture components to deliver performance. However, they have been under heavy scrutiny because of recent side-channel attacks. Branch predictors are indexed using the PC and recent branch histories. An adversary can manipulate these parameters to access and control the same branch predictor entry that a victim uses. Recent Spectre attacks exploit this to set up speculative-executionbased security attacks. In this article, we aim to mitigate branch predictor side-channels using two-level encryption. At the first level, we randomize the set-index by encrypting the PC using a per-context secret key. At the second level, we encrypt the data in each branch predictor entry. While periodic key changes make the branch predictor more secure, performance degradation can be significant. To alleviate performance degradation, we propose a practical set update mechanism that also considers parallelism in multi-banked branch predictors. We show that our mechanism exhibits only 1.0% and 0.2% performance degradation while changing keys every 10K and 50K cycles, respectively, which is much lower than other state-of-the-art approaches. CCS Concepts: • Security and privacy → Side-channel analysis and countermeasures; • Computer systems organization → Architectures;

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Encryption Scattercachementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Securing Branch Predictors with Two-Level Encryption

Lee

Ishíi

Sunwoo

2020

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

show abstract

“…x Prevent malicious training. BRB [43] allocates separate branch predictor tables for different process to defend against training across process. SPECCFI [44] embeds Control Flow Integrity (CFI) principles into the branch prediction decisions to constrain dangerous speculation.…”

Section: Related Workmentioning

confidence: 99%

Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks

Zhao

Hou

et al. 2021

IEEE Trans. Comput.

View full text Add to dashboard Cite

Speculative execution side-channel vulnerabilities such as Spectre reveal that conventional architecture designs lack security consideration. This paper proposes a software transparent defense framework, named as Conditional Speculation, against Spectre vulnerabilities found on traditional out-of-order microprocessors. It introduces the concept of security dependence to mark speculative memory instructions which could leak information with potential security risks. More specifically, security-dependent instructions are detected and marked with suspect speculation flags in the Issue Queue. All the instructions can be speculatively issued for execution in accordance with the classic out-of-order pipeline. For those instructions with suspect speculation flags, they are considered as safe instructions if their speculative execution dose not refill new cache lines with unauthorized privilege data. Otherwise, they are considered as unsafe instructions and thus not allowed to execute speculatively. To pursue a balance of performance and security, we investigate two filtering mechanisms, Cache-hit based Hazard Filter and Trusted Page Buffer based Hazard Filter to filter out false security hazards. As for true security hazards, we have two approaches to prevent them from changing cache states. One is to block all unsafe access, the other is to fetch them from lower-level caches or memory to a speculative buffer temporarily, and refill them after confirming that they are on the correct execution path. Our design philosophy is to speculatively execute safe instructions to maintain the performance benefits of out-of-order execution while delaying the cache updates for speculative execution of unsafe instructions for security consideration. We evaluate Conditional Speculation in terms of performance, security, and area. The experimental results show that the hardware overhead is marginal and the performance overhead is minimal.

show abstract

“…Despite significant efforts directed towards designing other secure microarchitectural components e.g., caches [14], [31], [43], [63], [76], [78], [80] and memory buses [4], [40], [66], secure BPU designs remain a handful of attempts [20], [38], [77]. More importantly, none of existing approaches completely eliminate BPU vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

STBPU: A Reasonably Secure Branch Prediction Unit

Zhang¹,

Lesch²,

Koltermann³

et al. 2021

Preprint

View full text Add to dashboard Cite

Modern processors have suffered a deluge of dangerous side channel and speculative execution attacks that exploit vulnerabilities rooted in branch predictor units (BPU). Many such attacks exploit the shared use of the BPU between unrelated processes, which allows malicious processes to retrieve sensitive data or enable speculative execution attacks. Attacks that exploit collisions between different branch instructions inside the BPU are among the most dangerous. Various protections and mitigations are proposed such as CPU microcode updates, secured cache designs, fencing mechanisms, invisible speculations. While some effectively mitigate speculative execution attacks, they overlook BPU as an attack vector, leaving BPU prone to malicious collisions and resulting critical penalty such as advanced micro-op cache attacks. Furthermore, some mitigations severely hamper the accuracy of the BPU resulting in increased CPU performance overhead. To address these, we present the secret token branch predictor unit (STBPU), a branch predictor design that mitigates collision-based speculative execution attacks and BPU side channel whilst incurring little to no performance overhead. STBPU achieves this by customizing inside data representations for each software entity requiring isolation. To prevent more advanced attacks, STBPU monitors hardware events and preemptively changes how STBPU data is stored and interpreted.

show abstract

BRB: Mitigating Branch Predictor Side-Channels

Cited by 25 publications

References 24 publications

Securing Branch Predictors with Two-Level Encryption

Securing Branch Predictors with Two-Level Encryption

Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks

STBPU: A Reasonably Secure Branch Prediction Unit

Contact Info

Product

Resources

About