Nothing Special   »   [go: up one dir, main page]

skip to main content
research-article
Public Access

Speculative taint tracking (STT): a comprehensive protection for speculatively accessed data

Published: 19 November 2021 Publication History

Abstract

Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all micro-architectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.

References

[1]
Aciicmez, O., Seifert, J.-P., Koc, C.K. Predicting secret keys via branch prediction. In IACR'06 (2006).
[2]
Aldaya, A.C., Brumley, B.B., ul Hassan, S., García, C. P., Tuveri, N. Port contention for fun and profit. In IACR'18 (2018).
[3]
Andrysco, M., Kohlbrenner, D., Mowery, K., Jhala, R., Lerner, S., Shacham, H. On subnormal floating point and abnormal timing. In S&P'15 (2015).
[4]
Bhattacharyya, A., Sandulescu, A., Neugschwandtner, M., Sorniotti, A., Falsafi, B., Payer, M., Kurmus, A. SMoTherSpectre: Exploiting speculative execution through port contention. In CCS'19 (2019).
[5]
Canella, C., Bulck, J.V., Schwarz, M., Lipp, M., von Berg, B., Ortner, P., Piessens, F., Evtyushkin, D., Gruss, D. A systematic evaluation of transient execution attacks and defenses. In USENIX Security'19 (2019).
[6]
Chrysos, G.Z., Emer, J.S. Memory dependence prediction using store sets. In ISCA'98 (1998).
[7]
Dalton, M., Kannan, H., Kozyrakis, C. Raksha: A flexible information flow architecture for software security. In ISCA'07 (2007).
[8]
Gharachorloo, K., Gupta, A., Hennessy, J. Two techniques to enhance the performance of memory consistency models. In ICPP'91 (1991).
[9]
Goguen, J.A., Meseguer, J. Security policies and security models. In 1982 IEEE Symposium on Security and Privacy (1982).
[10]
Großschädl, J., Oswald, E., Page, D., Tunstall, M. Side-channel analysis of cryptographic software via early-terminating multiplications. In (2009).
[11]
Hennessy, J.L., Patterson, D.A. Computer Architecture: A Quantitative Approach, 6th edn. Morgan Kaufmann Publishers Inc., 2017.
[12]
Intel. Q2 2018 speculative execution side channel update, 2018. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html.
[13]
Johnson, M. Superscalar Microprocessor Design. Prentice Hall Englewood Cliffs, New Jersey, 1991.
[14]
Kiriansky, V., Lebedev, I.A., Amarasinghe, S.P., Devadas, S., Emer, J. DAWG: A defense against cache timing attacks in speculative execution processors. In MICRO'18 (2018).
[15]
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., Yarom, Y. Spectre attacks: Exploiting speculative execution. In S&P'19 (2019).
[16]
Lipasti, M.H., Wilkerson, C.B., Shen, J.P. Value locality and load value prediction. In ASPLOS'96 (1996).
[17]
Percival, C. Cache missing for fun and profit. In Proceedings of BSDCan 2005 (2005).
[18]
Reinman, G., Calder, B. Predictive techniques for aggressive load speculation. In MICRO'98 (1998).
[19]
Sabelfeld, A., Myers, A.C. Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 1 (Jan. 2003), 5--19.
[20]
Schwarz, M., Schwarzl, M., Lipp, M., Gruss, D. Netspectre: Read arbitrary memory over network. In ESORICS'19 (2019).
[21]
Suh, G.E., Lee, J.W., Zhang, D., Devadas, S. Secure program execution via dynamic information flow tracking. In ASPLOS'04 (2004).
[22]
Tiwari, M., Wassel, H.M., Mazloom, B., Mysore, S., Chong, F.T., Sherwood, T. Complete information flow tracking from the gates up. In ASPLOS'09 (2009).
[23]
Tomasulo, R.M. An efficient algorithm for exploiting multiple arithmetic units. IBM J. Res. Dev. 11, 1 (1967), 25--33.
[24]
Van Bulck, J., Minkin, M., Weisse, O., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Wenisch, T.F., Yarom, Y., Strackx, R. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In USENIX Security'18 (2008).
[25]
Yan, M., Choi, J., Skarlatos, D., Morrison, A., Fletcher, C.W., Torrellas, J. InvisiSpec: Making speculative execution invisible in the cache hierarchy. In MICRO'18 (2018).
[26]
Yarom, Y., Falkner, K. Flush+Reload: A high resolution, low noise, L3 cache side-channel attack. In USENIX Security'14 (2014).
[27]
Yu, J., Hsiung, L., Hajj, M.E., Fletcher, C.W. Data oblivious ISA extensions for side channel-resistant and high performance computing. In NDSS'19. https://eprint.iacr.org/2018/808.
[28]
Yu, J., Mantri, N., Torrellas, J., Morrison, A., Fletcher, C.W. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution. In ISCA'20.
[29]
Yu, J., Yan, M., Khyzha, A., Morrison, A., Torrellas, J., Fletcher, C.W. Speculative Taint Tracking (STT): A Formal Analysis. Technical report, University of Illinois at Urbana-Champaign and Tel Aviv University, 2019. http://cwfletcher.net/Content/Publications/Academics/TechReport/stt-formal-tr_micro19.pdf.

Cited By

View all
  • (2022)SoKProceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3517418(546-560)Online publication date: 30-May-2022
  • (2022)SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00017(109-120)Online publication date: Sep-2022

Index Terms

  1. Speculative taint tracking (STT): a comprehensive protection for speculatively accessed data

    Recommendations

    Comments

    Please enable JavaScript to view thecomments powered by Disqus.

    Information & Contributors

    Information

    Published In

    cover image Communications of the ACM
    Communications of the ACM  Volume 64, Issue 12
    December 2021
    101 pages
    ISSN:0001-0782
    EISSN:1557-7317
    DOI:10.1145/3502158
    Issue’s Table of Contents
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 19 November 2021
    Published in CACM Volume 64, Issue 12

    Permissions

    Request permissions for this article.

    Check for updates

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)2,240
    • Downloads (Last 6 weeks)37
    Reflects downloads up to 18 Nov 2024

    Other Metrics

    Citations

    Cited By

    View all
    • (2022)SoKProceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3517418(546-560)Online publication date: 30-May-2022
    • (2022)SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00017(109-120)Online publication date: Sep-2022

    View Options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Digital Edition

    View this article in digital edition.

    Digital Edition

    Magazine Site

    View this article on the magazine site (external)

    Magazine Site

    Login options

    Full Access

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media