Understanding Selective Delay as a Method for Efficient Secure Speculative Execution

Since the introduction of Meltdown and Spectre, the research community has been tirelessly working on speculative side-channel attacks and on how to shield computer systems from them. To ensure that a system is protected not only from all the currently known attacks but also from future, yet-to-be-discovered attacks, the solutions developed need to be general in nature, covering a wide array of system components, while at the same time keeping the performance, energy, area, and implementation complexity costs at a minimum. One such solution is our own delay-on-miss, which efficiently protects the memory hierarchy by i) selectively delaying speculative load instructions and ii) utilizing value prediction as an invisible form of speculation. In this article we dive deeper into delay-on-miss, offering insights into why and how it affects the performance of the system. We also reevaluate value prediction as an invisible form of speculation. Specifically, we focus on the implications that delaying memory loads has for the memory-level parallelism of the system, and on how this affects the value predictor and the overall performance of the system. We present new, updated results, but more importantly we also offer deeper insight into why delay-on-miss works so well and what this means for the future of secure speculative execution.
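As an added illustration (not code from the paper or its simulator), the following toy model shows the selective-delay half of delay-on-miss and why holding speculative L1 misses reduces memory-level parallelism: a miss behind a branch that itself depends on an earlier delayed miss can no longer overlap with that miss. The latencies, the single-window timing model and the constructed program are assumptions; value prediction is not modelled.

```python
from dataclasses import dataclass

HIT_LAT, MISS_LAT = 1, 100   # constructed L1-hit / L1-miss latencies (cycles)

@dataclass
class Instr:
    name: str
    kind: str                  # "load" or "branch"
    l1_hit: bool = True        # loads: constructed hit/miss outcome
    depends_on: str = ""       # branches: load whose value decides them
    resolve_delay: int = 5     # branches: cycles from operands ready to resolved

def simulate(program, delay_on_miss):
    """Return (completion_cycle, peak_mlp) for a program-ordered list of
    loads and branches. A load is speculative while any older branch is
    unresolved. Baseline: every load issues at cycle 0. Delay-on-miss:
    speculative L1 hits still issue at 0, but an L1 miss is held until the
    youngest older branch resolves, so dependent miss chains serialise."""
    done = {}          # load name -> cycle its value is available
    resolved_at = 0    # cycle by which all older branches are resolved
    misses = []        # (issue, complete) intervals of outstanding misses
    for ins in program:
        if ins.kind == "branch":
            ready = done[ins.depends_on] if ins.depends_on else 0
            resolved_at = max(resolved_at, ready + ins.resolve_delay)
            continue
        issue = resolved_at if (delay_on_miss and not ins.l1_hit) else 0
        lat = HIT_LAT if ins.l1_hit else MISS_LAT
        done[ins.name] = issue + lat
        if not ins.l1_hit:
            misses.append((issue, issue + lat))
    # Peak MLP: the most misses in flight at any miss-issue instant.
    peak = max((sum(1 for s, e in misses if s <= t < e) for t, _ in misses),
               default=0)
    return max(done.values(), default=0), peak

# Constructed program: a branch shadows a missing load whose value decides
# a second branch, which in turn shadows another missing load and a hit.
PROGRAM = [
    Instr("B0", "branch", resolve_delay=10),
    Instr("L1", "load", l1_hit=False),
    Instr("B1", "branch", depends_on="L1"),
    Instr("L2", "load", l1_hit=False),
    Instr("L3", "load", l1_hit=True),
]

if __name__ == "__main__":
    for dom in (False, True):
        cycles, mlp = simulate(PROGRAM, delay_on_miss=dom)
        print(f"delay_on_miss={dom}: finished at cycle {cycles}, peak MLP {mlp}")
```

In the baseline both misses overlap (peak MLP 2, done at cycle 100); under delay-on-miss the second miss cannot issue until the branch that depends on the first, delayed miss resolves (peak MLP 1, done at cycle 215), while the L1 hit is unaffected.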
