CSpace  > 中国科学院计算技术研究所期刊论文  > 英文
Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks
Zhao, Lutan1,2; Li, Peinan1,2; Hou, Rui1,2; Huang, Michael C.5; Liu, Peng6; Zhang, Lixin4; Meng, Dan1,3
2021-07-01
发表期刊IEEE TRANSACTIONS ON COMPUTERS
ISSN0018-9340
卷号70期号:7页码:963-978
摘要Speculative execution side-channel vulnerabilities such as Spectre reveal that conventional architecture designs lack security consideration. This article proposes a software transparent defense framework, named as Conditional Speculation, against Spectre vulnerabilities found on traditional out-of-order microprocessors. It introduces the concept of security dependence to mark speculative memory instructions which could leak information with potential security risks. More specifically, security-dependent instructions are detected and marked with suspect speculation flags in the Issue Queue. All the instructions can be speculatively issued for execution in accordance with the classic out-of-order pipeline. For those instructions with suspect speculation flags, they are considered as safe instructions if their speculative execution dose not refill new cache lines with unauthorized privilege data. Otherwise, they are considered as unsafe instructions and thus not allowed to execute speculatively. To pursue a balance of performance and security, we investigate two filtering mechanisms, Cache-hit-based Hazard Filter and Trusted Page Buffer-based Hazard Filter to filter out false security hazards. As for true security hazards, we have two approaches to prevent them from changing cache states. One is to block all unsafe access, the other is to fetch them from lower-level caches or memory to a speculative buffer temporarily, and refill them after confirming that they are on the correct execution path. Our design philosophy is to speculatively execute safe instructions to maintain the performance benefits of out-of-order execution while delaying the cache updates for speculative execution of unsafe instructions for security consideration. We evaluate Conditional Speculation in terms of performance, security, and area. The experimental results show that the hardware overhead is marginal and the performance overhead is minimal.
关键词Security Hazards Micromechanical devices Microarchitecture Out of order Registers Spectre vulnerabilities defense security dependence speculative execution side-channel vulnerabilities
DOI10.1109/TC.2020.2997555
收录类别SCI
语种英语
WOS研究方向Computer Science ; Engineering
WOS类目Computer Science, Hardware & Architecture ; Engineering, Electrical & Electronic
WOS记录号WOS:000659547700001
出版者IEEE COMPUTER SOC
引用统计
被引频次:1[WOS]   [WOS记录]     [WOS相关记录]
文献类型期刊论文
条目标识符http://119.78.100.204/handle/2XEOYT63/17616
专题中国科学院计算技术研究所期刊论文_英文
通讯作者Hou, Rui
作者单位1.Chinese Acad Sci, Inst Informat Engn, State Key Lab Informat Secur, Beijing, Peoples R China
2.Univ Chinese Acad Sci, Beijing 100049, Peoples R China
3.Univ Chinese Acad Sci, Sch Cyber Secur, Beijing 100049, Peoples R China
4.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
5.Univ Rochester, Rochester, NY 14627 USA
6.Penn State Univ, Cyber Secur Lab, State Coll, PA 16801 USA
推荐引用方式
GB/T 7714
Zhao, Lutan,Li, Peinan,Hou, Rui,et al. Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks[J]. IEEE TRANSACTIONS ON COMPUTERS,2021,70(7):963-978.
APA Zhao, Lutan.,Li, Peinan.,Hou, Rui.,Huang, Michael C..,Liu, Peng.,...&Meng, Dan.(2021).Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks.IEEE TRANSACTIONS ON COMPUTERS,70(7),963-978.
MLA Zhao, Lutan,et al."Exploiting Security Dependence for Conditional Speculation Against Spectre Attacks".IEEE TRANSACTIONS ON COMPUTERS 70.7(2021):963-978.
条目包含的文件
条目无相关文件。
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Zhao, Lutan]的文章
[Li, Peinan]的文章
[Hou, Rui]的文章
百度学术
百度学术中相似的文章
[Zhao, Lutan]的文章
[Li, Peinan]的文章
[Hou, Rui]的文章
必应学术
必应学术中相似的文章
[Zhao, Lutan]的文章
[Li, Peinan]的文章
[Hou, Rui]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。