Title | SPECBOX: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks |
Authors | |
Publication date | 2022
|
DOI | |
Journal | |
ISSN | 1545-5971
|
EISSN | 1941-0018
|
Volume | PP; Issue: 99; Pages: 1-1 |
Abstract | Speculative execution techniques have been a cornerstone of modern processors to improve instruction-level parallelism. However, recent studies showed that this kind of techniques could be exploited by attackers to leak secret data via transient execution attacks, such as Spectre. Many defenses are proposed to address this problem, but they all face various challenges: (1) Filtering data flow in the instruction pipeline could comprehensively address this problem, but it could cause pipeline stalls and incur high performance overhead; (2) Making side effect of speculative execution imperceptible to attackers often needs additional storage components and complicated data movement operations. In this paper, we propose a label-based transparent speculation scheme called SpecBox. It dynamically partitions the cache system to isolate speculative data and non-speculative data, which can prevent transient execution from being observed by subsequent execution. Moreover, it uses thread ownership semaphores to prevent speculative data from being accessed across cores. In addition, SpecBox also enhances the auxiliary components in the cache system against transient execution attacks, such as hardware prefetcher. Our security analysis shows that SpecBox is secure and the performance evaluation shows that SpecBox only incurs a very small performance overhead on SPEC CPU 2006 and PARSEC-3.0 benchmarks. |
Keywords | |
Related links | [Scopus record] |
Indexed in | |
Language | English
|
University attribution | Other
|
Funding | National Natural Science Foundation of China (NSFC)["61902374","U1736208"]
; NSF[CNS-1514444]
|
WOS research area | Computer Science
|
WOS category | Computer Science, Hardware & Architecture
; Computer Science, Information Systems
; Computer Science, Software Engineering
|
WOS accession number | WOS:000923069400056
|
Publisher | |
EI accession number | 20220511570116
|
EI controlled terms | Access control
; Benchmarking
; Digital storage
; Network security
; Pipeline processing systems
; Pipelines
|
EI classification codes | Pipe, Piping and Pipelines:619.1
; Data Storage, Equipment and Techniques:722.1
; Digital Computers and Systems:722.4
; Computer Software, Data Handling and Applications:723
|
Scopus record ID | 2-s2.0-85123724093
|
Source database | Scopus
|
Full-text link | https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9689943 |
Citation statistics |
Times cited [WOS]: 1
|
Output type | Journal article |
Item identifier | http://sustech.caswiz.com/handle/2SGJ60CL/327926 |
Collection | College of Engineering_Department of Computer Science and Engineering |
Author affiliations | 1.Key Laboratory of Computer System and Architecture, Institute of Computing Technology Chinese Academy of Sciences, 53035 Beijing, Beijing, China, (e-mail: tangbowen@ict.ac.cn) 2.State Key Laboratory of Computer Architecture, Institute of Computing Technology Chinese Academy of Sciences, 53035 Beijing, Beijing, China, (e-mail: wucg@ict.ac.cn) 3.State Key Laboratory of Computer Architecture, Institute of Computing Technology Chinese Academy of Sciences, 53035 Beijing, Beijing, China, (e-mail: wangzhe12@ict.ac.cn) 4.State Key Laboratory of Computer Architecture, Institute of Computing Technology Chinese Academy of Sciences, 53035 Beijing, Beijing, China, (e-mail: bwtang91@gmail.com) 5.Department of Computer Science and Engineering, University of Minnesota Twin Cities, 5635 Minneapolis, Minnesota, United States, (e-mail: yew@umn.edu) 6.Head of Security Research, NIO, Mountain View, California, United States, (e-mail: strongerwill@gmail.com) 7.Department of Computer Science and Engineering, Southern University of Science and Technology, 255310 Shenzhen, Guangdong, China, (e-mail: yinqianz@acm.org) 8.Computer Science Department, University of California Los Angeles, 8783 Los Angeles, California, United States, (e-mail: wangchenxi@cs.ucla.edu) 9.CS, University of California Los Angeles, 8783 Los Angeles, California, United States, 90095 (e-mail: harryxu@cs.ucla.edu) |
Recommended citation GB/T 7714 |
Tang,Bowen,Wu,Chenggang,Wang,Zhe,et al. SPECBOX: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks[J]. IEEE Transactions on Dependable and Secure Computing,2022,PP(99):1-1.
|
APA |
Tang,Bowen.,Wu,Chenggang.,Wang,Zhe.,Jia,Lichen.,Yew,Pen Chung.,...&Xu,Guoqing.(2022).SPECBOX: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks.IEEE Transactions on Dependable and Secure Computing,PP(99),1-1.
|
MLA |
Tang,Bowen,et al."SPECBOX: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks".IEEE Transactions on Dependable and Secure Computing PP.99(2022):1-1.
|
Files in this item | There are no files associated with this item. |
|