Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization

This paper describes context-sensitive fencing (CSF), a microcode-level defense against multiple variants of Spectre. CSF leverages the ability to dynamically alter the decoding of the instruction stream, to seamlessly inject new micro-ops, including fences, only when dynamic conditions indicate they are needed. This enables the processor to protect against the attack, but with minimal impact on the efficacy of key performance features such as speculative execution. This research also examines several alternative fence implementations, and introduces three new types of fences which allow most dynamic reorderings of loads and stores, but in a way that prevents speculative accesses from changing visible cache state. These optimizations reduce the performance overhead of the defense mechanism, compared to state-of-the-art software-based fencing mechanisms by a factor of six.

[1]  Amir Roth,et al.  DISE: a programmable macro engine for customizing applications , 2003, ISCA '03.

[2]  John Sartori,et al.  Software-based Gate-level Information Flow Security for IoT Systems , 2017, 2017 50th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[3]  Venkatesh Akella,et al.  Position Paper: A case for exposing extra-architectural state in the ISA , 2018 .

[4]  Dean M. Tullsen,et al.  Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency , 2018, 2018 ACM/IEEE 45th Annual International Symposium on Computer Architecture (ISCA).

[5]  Xi Wang,et al.  Improving application security with data flow assertions , 2009, SOSP '09.

[6]  Scott Mahlke,et al.  Effective compiler support for predicated execution using the hyperblock , 1992, MICRO 1992.

[7]  Julian Stecklina,et al.  LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels , 2018, ArXiv.

[8]  Dinakar Dhurjati,et al.  Secure virtual architecture: a safe execution environment for commodity operating systems , 2007, SOSP.

[9]  Hong Wang,et al.  Harmonia: a transparent, efficient, and harmonious dynamic binary translator targeting the Intel® architecture , 2011, CF '11.

[10]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[11]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[12]  Adi Shamir,et al.  Acoustic Cryptanalysis , 2017, Journal of Cryptology.

[13]  Sepehr Assadi,et al.  A Compile-Time Optimization Method for WCET Reduction in Real-Time Embedded Systems through Block Formation , 2016, ACM Trans. Archit. Code Optim..

[14]  John L. Henning SPEC CPU2006 benchmark descriptions , 2006, CARN.

[15]  Richard Johnson,et al.  The Transmeta Code Morphing/spl trade/ Software: using speculation, recovery, and adaptive retranslation to address real-life challenges , 2003, International Symposium on Code Generation and Optimization, 2003. CGO 2003..

[16]  Amir Roth,et al.  Using DISE to protect return addresses from attack , 2005, CARN.

[17]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[18]  Yuan Xiao,et al.  SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution , 2018, ArXiv.

[19]  Thomas F. Wenisch,et al.  Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution , 2018 .

[20]  Nael B. Abu-Ghazaleh,et al.  BranchScope: A New Side-Channel Attack on Directional Branch Predictor , 2018, ASPLOS.

[21]  Nael B. Abu-Ghazaleh,et al.  Spectre Returns! Speculation Attacks Using the Return Stack Buffer , 2018, IEEE Design & Test.

[22]  Todd C. Mowry,et al.  Log-based architectures: using multicore to help software behave correctly , 2011, OPSR.

[23]  Guilherme Ottoni,et al.  RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[24]  Alan L. Cox,et al.  Spectres, virtual ghosts, and hardware support , 2018, HASP@ISCA.

[25]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[26]  Christian Rossow,et al.  ret2spec: Speculative Execution Using Return Stack Buffers , 2018, CCS.

[27]  Muli Ben-Yehuda,et al.  vIOMMU: Efficient IOMMU Emulation , 2011, USENIX Annual Technical Conference.

[28]  Frederic T. Chong,et al.  Complete information flow tracking from the gates up , 2009, ASPLOS.

[29]  Michael Franz,et al.  Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[30]  Nael B. Abu-Ghazaleh,et al.  SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation , 2018, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[31]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[32]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[33]  Margaret Martonosi,et al.  MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols , 2018, ArXiv.

[34]  No License,et al.  Intel ® 64 and IA-32 Architectures Software Developer ’ s Manual Volume 3 A : System Programming Guide , Part 1 , 2006 .

[35]  Hovav Shacham,et al.  Return-Oriented Programming: Systems, Languages, and Applications , 2012, TSEC.

[36]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[37]  Ashish Venkat Breaking the ISA Barrier in Modern Computing , 2018 .

[38]  Frederic T. Chong,et al.  Minos: Control Data Attack Prevention Orthogonal to Memory Model , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[39]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2016, Journal of Cryptographic Engineering.

[40]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[41]  Christoforos E. Kozyrakis,et al.  Raksha: a flexible information flow architecture for software security , 2007, ISCA '07.

[42]  Stefan Mangard,et al.  Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches , 2015, USENIX Security Symposium.

[43]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[44]  Martin Schwarzl,et al.  NetSpectre: Read Arbitrary Memory over Network , 2018, ESORICS.

[45]  Wei Xu,et al.  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.

[46]  Binyu Zang,et al.  From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware , 2008, 2008 International Symposium on Computer Architecture.

[47]  Dean M. Tullsen,et al.  Harnessing ISA diversity: Design of a heterogeneous-ISA chip multiprocessor , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[48]  Adi Shamir,et al.  Fault Analysis of Stream Ciphers , 2004, CHES.

[49]  Josep Torrellas,et al.  InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy (Corrigendum) , 2019, MICRO.

[50]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[51]  Hovav Shacham,et al.  HIPStR: Heterogeneous-ISA Program State Relocation , 2016, ASPLOS.

[52]  Ronald G. Dreslinski,et al.  The M5 Simulator: Modeling Networked Systems , 2006, IEEE Micro.

[53]  Richard Johnson,et al.  The Transmeta Code Morphing#8482; Software: using speculation, recovery, and adaptive retranslation to address real-life challenges , 2003, CGO.

[54]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[55]  Gary Brown,et al.  Denver: Nvidia's First 64-bit ARM Processor , 2015, IEEE Micro.

[56]  Alessandro Orso,et al.  WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation , 2008, IEEE Transactions on Software Engineering.

[57]  Jack L. Lo,et al.  Exploiting Choice: Instruction Fetch and Issue on an Implementable Simultaneous Multithreading Processor , 1996, 23rd Annual International Symposium on Computer Architecture (ISCA'96).

[58]  Craig Disselkoen,et al.  Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX , 2017, USENIX Security Symposium.

[59]  M. Schlansker,et al.  On Predicated Execution , 1991 .

[60]  Zhenyu Wu,et al.  Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud , 2012, USENIX Security Symposium.

[61]  Carl A. Waldspurger,et al.  Speculative Buffer Overflows: Attacks and Defenses , 2018, ArXiv.

[62]  Onur Aciiçmez,et al.  Predicting Secret Keys Via Branch Prediction , 2007, CT-RSA.

[63]  Ruby B. Lee,et al.  Covert and Side Channels Due to Processor Architecture , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[64]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[65]  Amir Roth,et al.  Low-overhead interactive debugging via dynamic instrumentation with DISE , 2005, 11th International Symposium on High-Performance Computer Architecture.

[66]  Dean M. Tullsen,et al.  Simultaneous multithreading: Maximizing on-chip parallelism , 1995, Proceedings 22nd Annual International Symposium on Computer Architecture.

[67]  Dean M. Tullsen,et al.  Execution migration in a heterogeneous-ISA chip multiprocessor , 2012, ASPLOS XVII.

[68]  Josep Torrellas,et al.  InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[69]  Adi Shamir,et al.  RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis , 2014, CRYPTO.

[70]  Alan L. Cox,et al.  Shielding Software From Privileged Side-Channel Attacks , 2018, USENIX Security Symposium.

[71]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[72]  Christof Fetzer,et al.  You Shall Not Bypass: Employing data dependencies to prevent Bounds Check Bypass , 2018, ArXiv.

[73]  Vikram S. Adve,et al.  Virtual ghost: protecting applications from hostile operating systems , 2014, ASPLOS.

[74]  Benjamin Livshits,et al.  Securing web applications with static and dynamic information flow tracking , 2008, PEPM '08.

[75]  Christopher Krügel,et al.  Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[76]  Hovav Shacham,et al.  Are AES x86 cache timing attacks still feasible? , 2012, CCSW '12.

[77]  Will Reese,et al.  Nginx: the high-performance web server and reverse proxy , 2008 .

[78]  Onur Aciiçmez,et al.  Cache Based Remote Timing Attack on the AES , 2007, CT-RSA.

[79]  Ramesh Karri,et al.  Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers , 2002, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[80]  Satish Narayanasamy,et al.  InvisiMem: Smart memory defenses for memory bus side channel , 2017, 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA).

[81]  Mehmet Kayaalp,et al.  RIC: Relaxed Inclusion Caches for mitigating LLC side-channel attacks , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[82]  Stefan Mangard,et al.  KASLR is Dead: Long Live KASLR , 2017, ESSoS.

[83]  Guru Venkataramani,et al.  FlexiTaint: A programmable accelerator for dynamic taint propagation , 2008, 2008 IEEE 14th International Symposium on High Performance Computer Architecture.