Exploring Branch Predictors for Constructing Transient Execution Trojans

Abstract: Transient execution is one of the most critical features used in CPUs to achieve high performance. Recent Spectre attacks demonstrated how this feature can be manipulated to force applications to reveal sensitive data. The industry quickly responded with a series of software and hardware mitigations among which microcode patches are the most prevalent and trusted. In this paper, we argue that currently deployed protections still leave room for constructing attacks. We do so by presenting transient trojans, sof… Show more

“…The baseline reflects the branch predictor (including structure sizes) used in Intel Skylake microarchitecture. Derived based on recent reverseengineering works [16], [18], [33], [36], [46], [85], it represents a generalization of mechanisms used in modern Intel processors. STBPU can be applied to different branch predictors, e.g., [68], [69], as it adds security guarantees without altering any prediction principles.…”

“…Mode two is only used when predicting indirect branches, and serves as a fall-back mechanism for predicting returns. This addressing enables storing multiple targets for a single indirect branch depending on the context [16], [33], [85]. PHT is a large (16k entry) table consisting of n-bit (e.g.…”

“…This structure is used as a base predictor to predict the direction of conditional branches. Previous studies [7], [18], [25], [85] indicated presence of mechanism similar to gshare [83] with two modes of addressing: the simple 1-level mode where virtual address of branch is used to find a PHT entry, and a more complex 2-level mode where the branch virtual address is hashed with global history register (GHR) enabling accurate prediction complex patterns. RSB is used to predict return instructions.…”

“…If branch predictor is flushed on context switch attacks such as Spectre v2, Jump-over-ASLR and others can be fully mitigated. Soure and target branch addresses and calls, taken/nontaken patterns [3], [16], [18], [36], [39] Timing channel due to A controlling predictions in V [3], speculative execution attacks [13], [33], [36], [46], [67], [85] V's jmp taken/nontaken [3] and call pattens, branch instruction virtual address [33] Timing channel due to A forcing static default predictions [3], speculatively execute gadget at static prediction address [ Intel has proposed a set of microcode-based protections which aim to mitigate speculative execution attacks on legacy CPUs by restricting BPU structure sharing. These protections include Indirect Branch Restricted Speculation (IBRS), Indirect Branch Prediction Barrier (IBPB), and Single Threaded Indirect Branch Prediction (STIBP) [27].…”

STBPU: A Reasonably Secure Branch Prediction Unit

“…The baseline reflects the branch predictor (including structure sizes) used in Intel Skylake microarchitecture. Derived based on recent reverseengineering works [16], [18], [33], [36], [46], [85], it represents a generalization of mechanisms used in modern Intel processors. STBPU can be applied to different branch predictors, e.g., [68], [69], as it adds security guarantees without altering any prediction principles.…”

“…Mode two is only used when predicting indirect branches, and serves as a fall-back mechanism for predicting returns. This addressing enables storing multiple targets for a single indirect branch depending on the context [16], [33], [85]. PHT is a large (16k entry) table consisting of n-bit (e.g.…”

“…This structure is used as a base predictor to predict the direction of conditional branches. Previous studies [7], [18], [25], [85] indicated presence of mechanism similar to gshare [83] with two modes of addressing: the simple 1-level mode where virtual address of branch is used to find a PHT entry, and a more complex 2-level mode where the branch virtual address is hashed with global history register (GHR) enabling accurate prediction complex patterns. RSB is used to predict return instructions.…”

“…If branch predictor is flushed on context switch attacks such as Spectre v2, Jump-over-ASLR and others can be fully mitigated. Soure and target branch addresses and calls, taken/nontaken patterns [3], [16], [18], [36], [39] Timing channel due to A controlling predictions in V [3], speculative execution attacks [13], [33], [36], [46], [67], [85] V's jmp taken/nontaken [3] and call pattens, branch instruction virtual address [33] Timing channel due to A forcing static default predictions [3], speculatively execute gadget at static prediction address [ Intel has proposed a set of microcode-based protections which aim to mitigate speculative execution attacks on legacy CPUs by restricting BPU structure sharing. These protections include Indirect Branch Restricted Speculation (IBRS), Indirect Branch Prediction Barrier (IBPB), and Single Threaded Indirect Branch Prediction (STIBP) [27].…”

STBPU: A Reasonably Secure Branch Prediction Unit

“…With the prevalence of public cloud computing, the operating system can be compromised in some hostile environments, which makes security attacks even easier. Branch predictors are one of the earliest discovered and frequently targeted side-channels [8,9,21,22,50]. They can be vulnerable because different contexts 1 share them within the same physical core.…”

Securing Branch Predictors with Two-Level Encryption

TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors