Speculative Privacy Tracking (SPT): Leaking Information From Speculative Execution Without Compromising Privacy
- 17 October 2021
- conference paper
- Published by Association for Computing Machinery (ACM)
Abstract
Speculative execution attacks put a dangerous new twist on information leakage through microarchitectural side channels. Ordinarily, programmers can reason about leakage based on the program’s semantics, and prevent said leakage by carefully writing the program to not pass secrets to covert channel-creating “transmitter” instructions, such as branches and loads. Speculative execution breaks this defense, because a transmitter might mis-speculatively execute with a secret operand even if it can never execute with said operand in valid executions. This paper proposes a new security definition that enables hardware to provide comprehensive, low-overhead and transparent-to-software protection against these attacks. The key idea is that it is safe to speculatively execute a transmitter without any protection if its operands were already leaked by the non-speculative execution. Based on this definition we design Speculative Privacy Tracking (SPT), a hardware protection that delays execution of every transmitter until it can prove that the transmitter’s operands leak during the program’s non-speculative execution. Using a novel dynamic information flow analysis microarchitecture, SPT efficiently proves when such an operand declassification implies that other data becomes declassified, which enables other delayed transmitters to be executed safely. We evaluate SPT on SPEC2017 and constant-time code benchmarks, and find that it adds only 45%/11% overhead on average (depending on the attack model) relative to an insecure processor. Compared to a secure baseline with the same protection scope, SPT reduces overhead by an average 3.6×/3×.
Funding Information
- Israel Science Foundation (2005/17)
- Intel Corporation (SCAP ISRA)
- NSF (National Science Foundation) (CNS #1816226, CNS #1942888, CNS #1954521)