SpectreCheck: An Approach to Detecting Speculative Execution Side Channels in Data Cache

2020 ◽  
Author(s):  
Haifeng Gu ◽  
Mingsong Chen ◽  
Yanzhao Wang ◽  
Fei Xie
Keyword(s):  
Speculative Execution ◽  
Data Cache ◽  
Side Channels

scholarly journals SpecSafe: detecting cache side channels in a speculative world

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-28
Author(s):  
Robert Brotzman ◽  
Danfeng Zhang ◽  
Mahmut Taylan Kandemir ◽  
Gang Tan
Keyword(s):  
Program Transformation ◽  
Speculative Execution ◽  
Side Channel ◽  
Side Channel Attacks ◽  
False Negatives ◽  
High Profile ◽  
Side Channels ◽  
Confidential Data ◽  
Definition Of ◽  
Semantic Definition

The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.

scholarly journals Software-based microarchitectural attacks

2018 ◽  
Vol 60 (5-6) ◽  
pp. 335-341 ◽  
Author(s):  
Daniel Gruss
Keyword(s):  
Computation Time ◽  
Three Dimensions ◽  
Speculative Execution ◽  
Single Cycle ◽  
Side Channels ◽  
University Of Technology ◽  
User Space ◽  
Phd Thesis ◽  
Attacks And Defenses ◽  
Usenix Security Symposium

Abstract Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural attacks leak this data (side channels) or exploit physical imperfections to take control of the entire system (fault attacks). In my thesis (D. Gruss. Software-based Microarchitectural Attacks. PhD thesis, Graz University of Technology, 2017), I improved over state of the art in microarchitectural attacks and defenses in three dimensions. I cover these briefly in this summary. First, I show that attacks can be fully automated. Second, I present several novel previously unknown side channels. Third, I show that attacks can be mounted in highly restricted environments such as sandboxed JavaScript code in websites, and on any computer system including smartphones, tablets, personal computers, and commercial cloud systems. These results formed one of the corner stones for attacks like Meltdown (M. Lipp et al. Meltdown: Reading kernel memory from user space. In USENIX Security Symposium, 2018) and Spectre (P. Kocher et al. Spectre attacks: Exploiting speculative execution. In S&P, 2019) which were discovered months after the thesis was concluded.

scholarly journals Specularizer : Detecting Speculative Execution Attacks via Performance Tracing

2021 ◽  
pp. 151-172
Author(s):  
Wubing Wang ◽  
Guoxing Chen ◽  
Yueqiang Cheng ◽  
Yinqian Zhang ◽  
Zhiqiang Lin
Keyword(s):  
Machine Learning Techniques ◽  
Speculative Execution ◽  
Side Channel ◽  
Detection Accuracy ◽  
Performance Counters ◽  
Side Channels ◽  
Learning Techniques ◽  
Hardware Performance Counters ◽  
Critical Paths ◽  
Detection Mechanisms

AbstractThis paper presents Specularizer, a framework for uncovering speculative execution attacks using performance tracing features available in commodity processors. It is motivated by the practical difficulty of eradicating such vulnerabilities in the design of CPU hardware and operating systems and the principle of defense-in-depth. The key idea of Specularizer is the use of Hardware Performance Counters and Processor Trace to perform lightweight monitoring of production applications and the use of machine learning techniques for identifying the occurrence of the attacks during offline forensics analysis. Different from prior works that use performance counters to detect side-channel attacks, Specularizer monitors triggers of the critical paths of the speculative execution attacks, thus making the detection mechanisms robust to different choices of side channels used in the attacks. To evaluate Specularizer, we model all known types of exception-based and misprediction-based speculative execution attacks and automatically generate thousands of attack variants. Experimental results show that Specularizer yields superior detection accuracy and the online tracing of Specularizer incur reasonable overhead.

Hardware Information Flow Tracking

2021 ◽  
Vol 54 (4) ◽  
pp. 1-39
Author(s):  
Wei Hu ◽  
Armaiti Ardeshiricham ◽  
Ryan Kastner
Keyword(s):  
Access Control ◽  
Computer Security ◽  
Information Flow ◽  
Hardware Security ◽  
Computing System ◽  
Security Vulnerabilities ◽  
Information Flow Tracking ◽  
Side Channels ◽  
Security Properties ◽  
Tools And Techniques

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

scholarly journals Decreasing the Miss Rate and Eliminating the Performance Penalty of a Data Filter Cache

2021 ◽  
Vol 18 (3) ◽  
pp. 1-22
Author(s):  
Michael Stokes ◽  
David Whalley ◽  
Soner Onder
Keyword(s):  
Energy Efficient ◽  
Data Access ◽  
Performance Degradation ◽  
Access Time ◽  
Data Cache ◽  
Energy Usage ◽  
Single Cycle ◽  
Performance Penalty

While data filter caches (DFCs) have been shown to be effective at reducing data access energy, they have not been adopted in processors due to the associated performance penalty caused by high DFC miss rates. In this article, we present a design that both decreases the DFC miss rate and completely eliminates the DFC performance penalty even for a level-one data cache (L1 DC) with a single cycle access time. First, we show that a DFC that lazily fills each word in a DFC line from an L1 DC only when the word is referenced is more energy-efficient than eagerly filling the entire DFC line. For a 512B DFC, we are able to eliminate loads of words into the DFC that are never referenced before being evicted, which occurred for about 75% of the words in 32B lines. Second, we demonstrate that a lazily word filled DFC line can effectively share and pack data words from multiple L1 DC lines to lower the DFC miss rate. For a 512B DFC, we completely avoid accessing the L1 DC for loads about 23% of the time and avoid a fully associative L1 DC access for loads 50% of the time, where the DFC only requires about 2.5% of the size of the L1 DC. Finally, we present a method that completely eliminates the DFC performance penalty by speculatively performing DFC tag checks early and only accessing DFC data when a hit is guaranteed. For a 512B DFC, we improve data access energy usage for the DTLB and L1 DC by 33% with no performance degradation.

Design of an Intelligent Data Cache with Replacement Policy

2019 ◽  
Vol 10 (2) ◽  
pp. 87-107
Author(s):  
B. Shameedha Begum ◽  
N. Ramasubramanian
Keyword(s):  
Real Time ◽  
Replacement Policy ◽  
Data Cache ◽  
Cache Performance ◽  
Performance Requirements ◽  
Novel Approach ◽  
Reconfigurable Caches ◽  
Real Time Applications ◽  
Hard Real Time ◽  
Replacement Algorithms

Embedded systems are designed for a variety of applications ranging from Hard Real Time applications to mobile computing, which demands various types of cache designs for better performance. Since real-time applications place stringent requirements on performance, the role of the cache subsystem assumes significance. Reconfigurable caches meet performance requirements under this context. Existing reconfigurable caches tend to use associativity and size for maximizing cache performance. This article proposes a novel approach of a reconfigurable and intelligent data cache (L1) based on replacement algorithms. An intelligent embedded data cache and a dynamic reconfigurable intelligent embedded data cache have been implemented using Verilog 2001 and tested for cache performance. Data collected by enabling the cache with two different replacement strategies have shown that the hit rate improves by 40% when compared to LRU and 21% when compared to MRU for sequential applications which will significantly improve performance of embedded real time application.

scholarly journals An energy-efficient data cache with byte-repeat pattern encoding

2008 ◽  
Vol 5 (19) ◽  
pp. 833-839
Author(s):  
Seungmin Jung ◽  
Hyotaek Shim ◽  
Seungryoul Maeng
Keyword(s):  
Energy Efficient ◽  
Data Cache ◽  
Efficient Data ◽  
Pattern Encoding ◽  
Repeat Pattern
Sign in / Sign up

Export Citation Format

Share Document