TY - GEN
T1 - Opening pandora's box
T2 - 48th ACM/IEEE Annual International Symposium on Computer Architecture, ISCA 2021
AU - Vicarte, Jose Rodrigo Sanchez
AU - Shome, Pradyumna
AU - Nayak, Nandeeka
AU - Trippel, Caroline
AU - Morrison, Adam
AU - Kohlbrenner, David
AU - Fletcher, Christopher W.
N1 - Funding Information:
VIII. CONCLUSION This paper performed a systematic study of the computer architecture literature through a security lens. We found a range of microarchitectural optimizations with novel security implications—ranging from ones as devastating as Spectre/Meltdown (but without relying on speculative execution) to ones that render constant-time programming ineffective, or in need of overhaul. They further implicate a number of Computer Architecture concepts, ranging from value locality to compressibility to prediction to prefetching. While we believe that many are not implemented in commercial machines today, some may indeed be; and others are seeing a resurgence in interest. In any case, given the slowing of Moore’s law, it stands to reason that many could be implemented in the future and we should be ready. Acknowledgements. We thank the anonymous reviewers for their helpful feedback, and thank Dean Tullsen for many insightful conversations over the years. This work was partially funded by an Intel ISRA grant, NSF grants #1816226 and #1942888, and ISF grant #2005/17.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/6
Y1 - 2021/6
N2 - Microarchitectural attacks have plunged Computer Architecture into a security crisis. Yet, as the slowing of Moore's law justifies the use of ever more exotic microarchitecture, it is likely we have only seen the tip of the iceberg.To better anticipate this security crisis, this paper performs a systematic security-centric analysis of the Computer Architecture literature. Our rationale is that when implementing current and future processors, microarchitects will (quite reasonably) look to previously-proposed ideas. Our study uncovers seven classes of microarchitectural optimization with novel security implications, proposes a conceptual framework through which to study them and demonstrates several proofs-of-concept to show their efficacy. The optimizations we study range from those that leak as much privacy as Spectre/Meltdown (but without exploiting speculative execution) to those that otherwise undermine security-critical programs in a variety of ways. Many have storied histories - ranging from industry patents to media/3rd party speculation regarding current implementation status to recent renewed interest in the academic community. This paper's goal is to perform an early (hopefully not too late) analysis to inform their development moving forward.
AB - Microarchitectural attacks have plunged Computer Architecture into a security crisis. Yet, as the slowing of Moore's law justifies the use of ever more exotic microarchitecture, it is likely we have only seen the tip of the iceberg.To better anticipate this security crisis, this paper performs a systematic security-centric analysis of the Computer Architecture literature. Our rationale is that when implementing current and future processors, microarchitects will (quite reasonably) look to previously-proposed ideas. Our study uncovers seven classes of microarchitectural optimization with novel security implications, proposes a conceptual framework through which to study them and demonstrates several proofs-of-concept to show their efficacy. The optimizations we study range from those that leak as much privacy as Spectre/Meltdown (but without exploiting speculative execution) to those that otherwise undermine security-critical programs in a variety of ways. Many have storied histories - ranging from industry patents to media/3rd party speculation regarding current implementation status to recent renewed interest in the academic community. This paper's goal is to perform an early (hopefully not too late) analysis to inform their development moving forward.
UR - http://www.scopus.com/inward/record.url?scp=85114694994&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85114694994&partnerID=8YFLogxK
U2 - 10.1109/ISCA52012.2021.00035
DO - 10.1109/ISCA52012.2021.00035
M3 - Conference contribution
AN - SCOPUS:85114694994
T3 - Proceedings - International Symposium on Computer Architecture
SP - 347
EP - 360
BT - Proceedings - 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture, ISCA 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 14 June 2021 through 19 June 2021
ER -