Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Efficient Speculative Execution

Speculative execution attacks are an enormous security threat. In these attacks, malicious speculative execution reads and exfiltrates potentially arbitrary program data through microarchitectural covert channels. Correspondingly, prior work has shown how to comprehensively block such attacks by delaying the execution of covert channel-creating instructions until their operands are a function of non-speculative data.This paper’s premise is that it is safe to execute these potentially dangerous instructions early, improving performance, as long as their execution does not require operand-dependent hardware resource usage, i.e., is data oblivious. While secure, this idea can easily reduce, not improve, performance. Intuitively, data obliviousness implies doing the worst case work all the time. Our key idea to get net speedup is that it is safe to predict what will be, and to subsequently perform, the work needed to satisfy the common case, as long as the prediction itself does not leak privacy.We call the complete scheme—predicting the form of data-oblivious execution—Speculative Data-Oblivious Execution (SDO). We build SDO on top of a recent comprehensive and state-of-the-art protection called STT. Extending security arguments from STT, we show how the predictions do not reveal private information, enabling safe and efficient speculative execution. We evaluate the combined scheme, STT + SDO, on a set of SPEC17 workloads and find that it improves the performance of stand-alone STT by an average 36.3% to 55.1%, depending on the microarchitecture and attack model—and without changing STT’s security guarantees.

[1]  Prateek Saxena,et al.  On the Trade-Offs in Oblivious Execution Techniques , 2017, DIMVA.

[2]  Rishabh Poddar,et al.  Oblix: An Efficient Oblivious Search Index , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[3]  Nael B. Abu-Ghazaleh,et al.  Spectre Returns! Speculation Attacks Using the Return Stack Buffer , 2018, IEEE Design & Test.

[4]  Christopher W. Fletcher,et al.  ZeroTrace : Oblivious Memory Primitives from Intel SGX , 2018, NDSS.

[5]  Dan Boneh,et al.  IRON: Functional Encryption using Intel SGX , 2017, CCS.

[6]  Toon Verwaest,et al.  Spectre is here to stay: An analysis of side-channels and speculative execution , 2019, ArXiv.

[7]  Mohamad El Hajj,et al.  Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing , 2018, IACR Cryptol. ePrint Arch..

[8]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[9]  Koen De Bosschere,et al.  Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[10]  Yuan Xiao,et al.  SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution , 2018, ArXiv.

[11]  Dan Meng,et al.  Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution Against Spectre Attacks , 2019, 2019 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[12]  Michael Tunstall,et al.  Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications , 2009, ICISC.

[13]  Josep Torrellas,et al.  InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[14]  Yao Wang,et al.  Timing channel protection for a shared memory controller , 2014, HPCA.

[15]  Srinivas Devadas,et al.  DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[16]  Christian Rossow,et al.  ret2spec: Speculative Execution Using Return Stack Buffers , 2018, CCS.

[17]  Daniel J. Bernstein,et al.  The Poly1305-AES Message-Authentication Code , 2005, FSE.

[18]  Frederic T. Chong,et al.  Complete information flow tracking from the gates up , 2009, ASPLOS.

[19]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[20]  Herbert Bos,et al.  Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks , 2018, USENIX Security Symposium.

[21]  David A. Wood,et al.  A Primer on Memory Consistency and Cache Coherence , 2012, Synthesis Lectures on Computer Architecture.

[22]  Onur Aciiçmez,et al.  Predicting Secret Keys Via Branch Prediction , 2007, CT-RSA.

[23]  Anoop Gupta,et al.  Two Techniques to Enhance the Performance of Memory Consistency Models , 1991, ICPP.

[24]  John L. Henning SPEC CPU2006 benchmark descriptions , 2006, CARN.

[25]  Gururaj Saileshwar,et al.  CleanupSpec: An "Undo" Approach to Safe Speculation , 2019, MICRO.

[26]  David Schultz,et al.  The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.

[27]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[28]  Mikko H. Lipasti,et al.  Memory ordering: a value-based approach , 2004, Proceedings. 31st Annual International Symposium on Computer Architecture, 2004..

[29]  Li Zhou,et al.  SpecShield: Shielding Speculative Data from Microarchitectural Covert Channels , 2019, 2019 28th International Conference on Parallel Architectures and Compilation Techniques (PACT).

[30]  Sorin Lerner,et al.  On Subnormal Floating Point and Abnormal Timing , 2015, 2015 IEEE Symposium on Security and Privacy.

[31]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[32]  Josep Torrellas,et al.  Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data , 2019, IEEE Micro.

[33]  Babak Falsafi,et al.  SMoTherSpectre: Exploiting Speculative Execution through Port Contention , 2019, CCS.

[34]  Carl A. Waldspurger,et al.  Speculative Buffer Overflows: Attacks and Defenses , 2018, ArXiv.

[35]  Murat Kantarcioglu,et al.  SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors , 2017, CCS.

[36]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[37]  Matei Zaharia,et al.  An Oblivious General-Purpose SQL Database for the Cloud , 2017, ArXiv.

[38]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.

[39]  Nael B. Abu-Ghazaleh,et al.  SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation , 2018, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[40]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[41]  Stefanos Kaxiras,et al.  Efficient Invisible Speculative Execution through Selective Delay and Value Prediction , 2019, 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA).

[42]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[43]  Brad Calder,et al.  Automatically characterizing large scale program behavior , 2002, ASPLOS X.

[44]  Josep Torrellas,et al.  Speculative Taint Tracking (STT): A Formal Analysis , 2019 .

[45]  Kai Li,et al.  The PARSEC benchmark suite: Characterization and architectural implications , 2008, 2008 International Conference on Parallel Architectures and Compilation Techniques (PACT).

[46]  Martin Schwarzl,et al.  NetSpectre: Read Arbitrary Memory over Network , 2018, ESORICS.

[47]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[48]  Ofir Weisse,et al.  NDA: Preventing Speculative Execution Attacks at Their Source , 2019, MICRO.

[49]  Kyungtae Kim,et al.  OBLIVIATE: A Data Oblivious Filesystem for Intel SGX , 2018, NDSS.

[50]  Somayeh Sardashti,et al.  The gem5 simulator , 2011, CARN.