SpectreGuard

Fustos, Jacob; Farshchi, Farzad; Yun, Heechul

doi:10.1145/3316781.3317914

Cited by 46 publications

(14 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A defense can delay the speculative execution until it is authorized. Row 5 in Table 1 includes mechanisms to delay the speculative secret access, e.g., Context-sensitive Fencing [55] and secure bounds check [43] and row 6 analyzes defenses delaying the forwarding (use) of secret, e.g., NDA [62], Spec-treGuard [15], ConTExT [52], SpecShield [3] and STT [68]. These defenses can mitigate multiple covert channels but can only protect specified accesses such as loads of memory or special register reads.…”

Section: Analysis Of Past Hardware Defensesmentioning

confidence: 99%

“…We verify the security against a strong attacker who knows or controls the input data to the AES algorithm and tries to recover the key by executing memory accesses and observing timing differences. The side-channel attack on AES is repeated by 2 15 times with random input data and the receiver's timing measurements are averaged as the final results. Flush-reload Side-channel Attack.…”

Section: Security: Side-channel Attackmentioning

confidence: 99%

See 1 more Smart Citation

SoK: Hardware Defenses Against Speculative Execution Attacks

Lee

2021

2021 International Symposium on Secure and Private Execution Environment Design (SEED)

View full text Add to dashboard Cite

Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a covert channel. While software patches can be installed for mitigation on existing hardware, these solutions can incur big performance overhead. Hardware mitigation is being studied extensively by the computer architecture community. It has the benefit of preserving software compatibility and the potential for much smaller performance overhead than software solutions.This paper presents a systematization of the hardware defenses against speculative execution attacks that have been proposed. We show that speculative execution attacks consist of 6 critical attack steps. We propose defense strategies, each of which prevents a critical attack step from happening, thus preventing the attack from succeeding. We then summarize 20 hardware defenses and overhead-reducing features that have been proposed. We show that each defense proposed can be classified under one of our defense strategies, which also explains why it can thwart the attack from succeeding. We discuss the scope of the defenses, their performance overhead, and the security-performance trade-offs that can be made.

show abstract

Section: Analysis Of Past Hardware Defensesmentioning

confidence: 99%

Section: Security: Side-channel Attackmentioning

confidence: 99%

SoK: Hardware Defenses Against Speculative Execution Attacks

Lee

2021

2021 International Symposium on Secure and Private Execution Environment Design (SEED)

View full text Add to dashboard Cite

show abstract

“…KAISER [11] protects against Meltdown by enforcing strict user and kernel space isolation but is ineffective against Spectre. Other software-based mitigations [8,20,32] propose annotationbased mechanisms for protecting secret data, as an effort to reduce the overhead, but require additional hardware, compiler, and OS support.…”

Section: Related Workmentioning

confidence: 99%

“…(2) Delaying speculative execution until speculation can be resolved. Solutions such as Delay-on-Miss [30], Conditional Speculation [20], SpectreGuard [8], NDA [37], and Speculative Taint Tracking (STT) [40,41] selectively delay instructions when they might be used to leak information. Some, such as Conditional Speculation and SpectreGuard, only try to protect data marked by the user as sensitive, while others, such as Delay-on-Miss, work on all data.…”

Section: Related Workmentioning

confidence: 99%

Clearing the Shadows

Tran

Sakalis

Själander

et al. 2020

Proceedings of the ACM International Conference on Parallel Architectures and Compilation Techniques

View full text Add to dashboard Cite

Out-of-order processors heavily rely on speculation to achieve high performance, allowing instructions to bypass other slower instructions in order to fully utilize the processor's resources. Speculatively executed instructions do not affect the correctness of the application, as they never change the architectural state, but they do affect the micro-architectural behavior of the system. Until recently, these changes were considered to be safe but with the discovery of new security attacks that misuse speculative execution to leak secrete information through observable micro-architectural changes (so called side-channels), this is no longer the case. To solve this issue, a wave of software and hardware mitigations have been proposed, the majority of which delay and/or hide speculative execution until it is deemed to be safe, trading performance for security. These newly enforced restrictions change how speculation is applied and where the performance bottlenecks appear, forcing us to rethink how we design and optimize both the hardware and the software. We observe that many of the state-of-the-art hardware solutions targeting memory systems operate on a common scheme: the visible execution of loads or their dependents is blocked until they become safe to execute. In this work we propose a generally applicable hardware-software extension that focuses on removing the causes of loads' unsafety, generally caused by control and memory dependence speculation. As a result, we manage to make more loads safe to execute at an early stage, which enables us to schedule more loads at a time to overlap their delays and improve performance. We apply our techniques on the state-of-the-art Delay-on-Miss hardware defense and show that we reduce the performance gap to the unsafe baseline by 53% (on average).

show abstract

“…In this paper, we investigate how to provide efficient provably secure speculation for the constanttime policy under a wide range of speculation mechanisms. Specifically, we apply the hardware-software contract framework to another class of hardware taint-tracking mechanisms explicitly tracking secrecy of data in the microarchitecture (e.g., systems like ConTExT [32], SpectreGuard [33], or SPT [34]). In such systems, a constant-time program informs the processor about which memory cells contain secret data.…”

Section: Introductionmentioning

confidence: 99%

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

Daniel¹,

Bognar²,

Noorman³

et al. 2023

Preprint

View full text Add to dashboard Cite

We propose PROSPECT, a generic formal processor model providing provably secure speculation for the constant-time policy. For constant-time programs under a non-speculative semantics, PROSPECT guarantees that speculative and out-oforder execution cause no microarchitectural leaks. This guarantee is achieved by tracking secrets in the processor pipeline and ensuring that they do not influence the microarchitectural state during speculative execution. Our formalization covers a broad class of speculation mechanisms, generalizing prior work. As a result, our security proof covers all known Spectre attacks, including load value injection (LVI) attacks.In addition to the formal model, we provide a prototype hardware implementation of PROSPECT on a RISC-V processor and show evidence of its low impact on hardware cost, performance, and required software changes. In particular, the experimental evaluation confirms our expectation that for a compliant constant-time binary, enabling ProSpeCT incurs no performance overhead.

show abstract

SpectreGuard

Cited by 46 publications

References 8 publications

SoK: Hardware Defenses Against Speculative Execution Attacks

SoK: Hardware Defenses Against Speculative Execution Attacks

Clearing the Shadows

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

Contact Info

Product

Resources

About