TY - GEN
T1 - Speculative Privacy Tracking (SPT)
T2 - 54th Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2021
AU - Choudhary, Rutvik
AU - Yu, Jiyong
AU - Fletcher, Christopher W.
AU - Morrison, Adam
N1 - Publisher Copyright:
© 2021 Association for Computing Machinery.
PY - 2021/10/18
Y1 - 2021/10/18
N2 - Speculative execution attacks put a dangerous new twist on information leakage through microarchitectural side channels. Ordinarily, programmers can reason about leakage based on the program's semantics, and prevent said leakage by carefully writing the program to not pass secrets to covert channel-creating "transmitter"instructions, such as branches and loads. Speculative execution breaks this defense, because a transmitter might mis-speculatively execute with a secret operand even if it can never execute with said operand in valid executions. This paper proposes a new security definition that enables hardware to provide comprehensive, low-overhead and transparent-tosoftware protection against these attacks. The key idea is that it is safe to speculatively execute a transmitter without any protection if its operands were already leaked by the non-speculative execution. Based on this definition we design Speculative Privacy Tracking (SPT), a hardware protection that delays execution of every transmitter until it can prove that the transmitter's operands leak during the program's non-speculative execution. Using a novel dynamic information flow analysis microarchitecture, SPT efficiently proves when such an operand declassification implies that other data becomes declassified, which enables other delayed transmitters to be executed safely. We evaluate SPT on SPEC2017 and constant-time code benchmarks, and find that it adds only 45%/11% overhead on average (depending on the attack model) relative to an insecure processor. Compared to a secure baseline with the same protection scope, SPT reduces overhead by an average 3.6×/3×.
AB - Speculative execution attacks put a dangerous new twist on information leakage through microarchitectural side channels. Ordinarily, programmers can reason about leakage based on the program's semantics, and prevent said leakage by carefully writing the program to not pass secrets to covert channel-creating "transmitter"instructions, such as branches and loads. Speculative execution breaks this defense, because a transmitter might mis-speculatively execute with a secret operand even if it can never execute with said operand in valid executions. This paper proposes a new security definition that enables hardware to provide comprehensive, low-overhead and transparent-tosoftware protection against these attacks. The key idea is that it is safe to speculatively execute a transmitter without any protection if its operands were already leaked by the non-speculative execution. Based on this definition we design Speculative Privacy Tracking (SPT), a hardware protection that delays execution of every transmitter until it can prove that the transmitter's operands leak during the program's non-speculative execution. Using a novel dynamic information flow analysis microarchitecture, SPT efficiently proves when such an operand declassification implies that other data becomes declassified, which enables other delayed transmitters to be executed safely. We evaluate SPT on SPEC2017 and constant-time code benchmarks, and find that it adds only 45%/11% overhead on average (depending on the attack model) relative to an insecure processor. Compared to a secure baseline with the same protection scope, SPT reduces overhead by an average 3.6×/3×.
UR - http://www.scopus.com/inward/record.url?scp=85118842739&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85118842739&partnerID=8YFLogxK
U2 - 10.1145/3466752.3480068
DO - 10.1145/3466752.3480068
M3 - Conference contribution
AN - SCOPUS:85118842739
T3 - Proceedings of the Annual International Symposium on Microarchitecture, MICRO
SP - 607
EP - 622
BT - MICRO 2021 - 54th Annual IEEE/ACM International Symposium on Microarchitecture, Proceedings
PB - IEEE Computer Society
Y2 - 18 October 2021 through 22 October 2021
ER -