TY - GEN
T1 - Speculative Data-Oblivious Execution
T2 - 47th ACM/IEEE Annual International Symposium on Computer Architecture, ISCA 2020
AU - Yu, Jiyong
AU - Mantri, Namrata
AU - Torrellas, Josep
AU - Morrison, Adam
AU - Fletcher, Christopher W.
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/5
Y1 - 2020/5
N2 - Speculative execution attacks are an enormous security threat. In these attacks, malicious speculative execution reads and exfiltrates potentially arbitrary program data through microarchitectural covert channels. Correspondingly, prior work has shown how to comprehensively block such attacks by delaying the execution of covert channel-creating instructions until their operands are a function of non-speculative data. This paper's premise is that it is safe to execute these potentially dangerous instructions early, improving performance, as long as their execution does not require operand-dependent hardware resource usage, i.e., is data oblivious. While secure, this idea can easily reduce, not improve, performance. Intuitively, data obliviousness implies doing the worst case work all the time. Our key idea to get net speedup is that it is safe to predict what will be, and to subsequently perform, the work needed to satisfy the common case, as long as the prediction itself does not leak privacy. We call the complete scheme - predicting the form of data-oblivious execution - Speculative Data-Oblivious Execution (SDO). We build SDO on top of a recent comprehensive and state-of-the-art protection called STT. Extending security arguments from STT, we show how the predictions do not reveal private information, enabling safe and efficient speculative execution. We evaluate the combined scheme, STT + SDO, on a set of SPEC17 workloads and find that it improves the performance of stand-alone STT by an average 36.3% to 55.1%, depending on the microarchitecture and attack model - and without changing STT's security guarantees.
AB - Speculative execution attacks are an enormous security threat. In these attacks, malicious speculative execution reads and exfiltrates potentially arbitrary program data through microarchitectural covert channels. Correspondingly, prior work has shown how to comprehensively block such attacks by delaying the execution of covert channel-creating instructions until their operands are a function of non-speculative data. This paper's premise is that it is safe to execute these potentially dangerous instructions early, improving performance, as long as their execution does not require operand-dependent hardware resource usage, i.e., is data oblivious. While secure, this idea can easily reduce, not improve, performance. Intuitively, data obliviousness implies doing the worst case work all the time. Our key idea to get net speedup is that it is safe to predict what will be, and to subsequently perform, the work needed to satisfy the common case, as long as the prediction itself does not leak privacy. We call the complete scheme - predicting the form of data-oblivious execution - Speculative Data-Oblivious Execution (SDO). We build SDO on top of a recent comprehensive and state-of-the-art protection called STT. Extending security arguments from STT, we show how the predictions do not reveal private information, enabling safe and efficient speculative execution. We evaluate the combined scheme, STT + SDO, on a set of SPEC17 workloads and find that it improves the performance of stand-alone STT by an average 36.3% to 55.1%, depending on the microarchitecture and attack model - and without changing STT's security guarantees.
KW - Hardware
KW - Information flow
KW - Security
KW - Speculative execution attacks
UR - http://www.scopus.com/inward/record.url?scp=85085664503&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85085664503&partnerID=8YFLogxK
U2 - 10.1109/ISCA45697.2020.00064
DO - 10.1109/ISCA45697.2020.00064
M3 - Conference contribution
AN - SCOPUS:85085664503
T3 - Proceedings - International Symposium on Computer Architecture
SP - 707
EP - 720
BT - Proceedings - 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture, ISCA 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 May 2020 through 3 June 2020
ER -