2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO) 2020
DOI: 10.1109/micro50266.2020.00094
|View full text |Cite
|
Sign up to set email alerts
|

Speculation Invariance (InvarSpec): Faster Safe Execution Through Program Analysis

Abstract: Many hardware-based defense schemes against speculative execution attacks use special mechanisms to protect instructions while speculative, and lift the mechanisms when the instructions turn non-speculative. In this paper, we observe that speculative instructions can sometimes become Speculation Invariant before turning non-speculative. Speculation invariance means that (i) whether the instruction will execute and (ii) the instruction's operands are not a function of speculative state. Hence, we propose to lif… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
17
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
5
2
1

Relationship

1
7

Authors

Journals

citations
Cited by 20 publications
(17 citation statements)
references
References 37 publications
0
17
0
Order By: Relevance
“…The sample set of fifteen co-running benchmark applications are selected from the SPEC2017rate suite [16]. For each SPEC application, we utilize the SimPoint methodology [21] to run up to 10 representative intervals of 50 million instructions each to accurately reflect the application's performance [35]. The caches are populated prior to interval data collection using 1 million warm-up instructions, and all simulations are run using gem5's system call emulation mode.…”
Section: Evaluation 61 Experimental Setupmentioning
confidence: 99%
“…The sample set of fifteen co-running benchmark applications are selected from the SPEC2017rate suite [16]. For each SPEC application, we utilize the SimPoint methodology [21] to run up to 10 representative intervals of 50 million instructions each to accurately reflect the application's performance [35]. The caches are populated prior to interval data collection using 1 million warm-up instructions, and all simulations are run using gem5's system call emulation mode.…”
Section: Evaluation 61 Experimental Setupmentioning
confidence: 99%
“…InvarSpec is not itself a speculative side-channel defense but rather a framework that detects when a speculative instruction becomes speculation invariant and upon detection lifts any existing protections for the instruction [16]. InvarSpec consists of two main parts.…”
Section: B Speculation Invariance: Invarspecmentioning
confidence: 99%
“…Each instruction has its safe set (SS) defined by the compiler and corresponds to the instruction's control and data dependencies on the instructions in the set [16].…”
Section: B Speculation Invariance: Invarspecmentioning
confidence: 99%
See 1 more Smart Citation
“…In the most naïve approach, we can consider handles to be safe when they reach the head of the ROB and are retired, but this is awfully pessimistic. Instead, we draw from the existing research on speculative execution [3,6,[37][38][39]50,56] and consider handles as safe when they can no longer cause squashing, regardless of their position in the ROB. Specifically, we have adopted the approach of using speculative shadows by Sakalis et al [37][38][39], a mechanism for detecting the earliest point at which an instruction is no longer speculative.…”
Section: Handles and The Window Of Speculationmentioning
confidence: 99%