short-paper

SVP: Safe and Efficient Speculative Execution Mechanism through Value Prediction

Authors:

Jun HanAuthors Info & Claims

GLSVLSI '23: Proceedings of the Great Lakes Symposium on VLSI 2023

Pages 433 - 437

https://doi.org/10.1145/3583781.3590308

Published: 05 June 2023 Publication History

Abstract

Speculative execution attacks such as Spectre and Meltdown exploit the wrong execution patch to leak private data. In current state-of-the-art defense strategies, executions of all memory accesses that use speculatively-loaded addresses are blocked, resulting in high overhead. Our key observation is that these blocked memory accesses can be executed without operand-dependent hardware resource usage through value prediction. Therefore, we propose a novel hardware defense framework, named Speculative Value Prediction (SVP), to safely and efficiently execute the potentially unsafe memory accesses earlier. We build SVP on the cycle-accurate Gem5 simulator and its performance improvement is positively correlated with the coverage of value predictors. Experiments show that when using the value predictor with 30%/60%/100% coverage, SVP outperforms the state-of-the-art defense mechanism STT in the Spectre model by 21.5%/50.3%/107.7% respectively, and in the Futuristic model by 28.7%/55.4%/105.7% respectively.

References

[1]

Sam Ainsworth et al. 2020. Muontrap: Preventing cross-domain spectre-like attacks by capturing speculative state. In ISCA. IEEE.

[2]

Mohammad Behnia et al. 2021. Speculative interference attacks: Breaking invisible speculation schemes. In ASPLOS.

[3]

Ben Gras et al. 2018. Translation leak-aside buffer: Defeating cache side-channel protections with {TLB} attacks. In USENIX Security.

[4]

Yasuo Ishii. 2018. Context-Base Computational Value Prediction with Value Compression. In CVP-1.

[5]

Khaled N Khasawneh et al. 2019. Safespec: Banishing the spectre of a meltdown with leakage-free speculation. In DAC. IEEE.

[6]

Vladimir Kiriansky et al. 2018. DAWG: A defense against cache timing attacks in speculative execution processors. In MICRO. IEEE.

[7]

Paul Kocher et al. 2020. Spectre attacks: Exploiting speculative execution. Commun. ACM (2020).

[8]

Esmaeil Mohammadian Koruyeh et al. 2018. Spectre returns! speculation attacks using the return stack buffer. In WOOT.

[9]

Peinan Li et al. 2019. Conditional speculation: An effective approach to safeguard out-of-order execution against spectre attacks. In HPCA. IEEE.

[10]

Moritz Lipp et al. 2020. Meltdown: Reading kernel memory from user space. Commun. ACM (2020).

[11]

Giorgi Maisuradze and Christian Rossow. 2018. ret2spec: Speculative execution using return stack buffers. In SIGSAC.

[12]

Arthur Perais et al. 2014. Practical data value speculation for future high-end processors. In HPCA. IEEE.

[13]

Christos Sakalis et al. 2019. Efficient invisible speculative execution through selective delay and value prediction. In ISCA. IEEE.

[14]

Michael Schwarz et al. 2019. Netspectre: Read arbitrary memory over network. In ESORICS. Springer.

[15]

André Seznec. 2018. Exploring value prediction with the EVES predictor. In CVP-1.

[16]

Mengjia Yan et al. 2017. Secure hierarchy-aware cache replacement policy (SHARP): Defending against cache-based side channel attacks. In ISCA. IEEE.

[17]

Mengjia Yan et al. 2018. Invisispec: Making speculative execution invisible in the cache hierarchy. In Micro. IEEE.

[18]

Yuval Yarom and Katrina Falkner. 2014. {FLUSH RELOAD}: A High Resolution, Low Noise, L3 Cache {Side-Channel}Attack. In USENIX security.

[19]

Jiyong Yu et al. 2019. Speculative taint tracking (stt) a comprehensive protection for speculatively accessed data. In Micro.

[20]

Jiyong Yu et al. 2020. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution. In ISCA. IEEE.

Index Terms

SVP: Safe and Efficient Speculative Execution Mechanism through Value Prediction
1. Computer systems organization
  1. Architectures
    1. Parallel architectures
      1. Multicore architectures
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data
MICRO '52: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture

Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. Since these attacks first rely on being ...
Exploiting speculative value reuse using value prediction

Data dependencies between instructions greatly impede instruction-level parallelism. Recently two hardware techniques --- Value Prediction and Value Reuse --- have been proposed to overcome the limits imposed by data dependencies. We introduce a new ...
Exploiting speculative value reuse using value prediction
CRPIT '02: Proceedings of the seventh Asia-Pacific conference on Computer systems architecture

Data dependencies between instructions greatly impede instruction-level parallelism. Recently two hardware techniques --- Value Prediction and Value Reuse --- have been proposed to overcome the limits imposed by data dependencies. We introduce a new ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

GLSVLSI '23: Proceedings of the Great Lakes Symposium on VLSI 2023

June 2023

731 pages

ISBN:9798400701252

DOI:10.1145/3583781

General Chairs:
Himanshu Thapliyal
University of Tennessee, Knoxville, USA
,
Ronald DeMara
University of Central Florida, USA
,
Program Chairs:
Inna Partin-Vaisband
University of Illinois Chicago, USA
,
Srinivas Katkoori
University of South Florida, USA

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGDA: ACM Special Interest Group on Design Automation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 June 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

National Natural Science Foundation of China

Conference

GLSVLSI '23

Sponsor:

SIGDA

GLSVLSI '23: Great Lakes Symposium on VLSI 2023

June 5 - 7, 2023

TN, Knoxville, USA

Acceptance Rates

Overall Acceptance Rate 312 of 1,156 submissions, 27%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
114
Total Downloads

Downloads (Last 12 months)50
Downloads (Last 6 weeks)6

Reflects downloads up to 26 Nov 2024

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents