MuonTrap: Preventing Cross-Domain Spectre-Like Attacks by Capturing Speculative State
- 1 May 2020
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
The disclosure of the Spectre speculative-execution attacks in January 2018 has left a severe vulnerability that systems are still struggling with how to patch. The solutions that currently exist tend to have incomplete coverage, perform badly, or have highly undesirable performance edge cases.MuonTrap allows processors to continue to speculate, avoiding significant reductions in performance, without impacting security. We instead prevent the propagation of any state based on speculative execution, by placing the results of speculative cache accesses into a small, fast L0 filter cache, that is non-inclusive, non-exclusive with the rest of the cache hierarchy. This isolates all parts of the system that can’t be quickly cleared on any change in threat domain. MuonTrap uses these speculative filter caches, which are cleared on context and protection-domain switches, along with a series of extensions to the cache coherence protocol and prefetcher. This renders systems immune to cross-domain information leakage via Spectre and a host of similar attacks based on speculative execution, with low performance impact and few changes to the CPU design.Keywords
This publication has 26 references indexed in Scilit:
- Prefetch Side-Channel AttacksPublished by Association for Computing Machinery (ACM) ,2016
- Last-Level Cache Side-Channel Attacks are PracticalPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- An algorithm for detecting contention-based covert timing channels on shared hardwarePublished by Association for Computing Machinery (ACM) ,2014
- Sources of error in full-system simulationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- Revisiting level-0 caches in embedded processorsPublished by Association for Computing Machinery (ACM) ,2012
- Non-monopolizable cachesACM Transactions on Architecture and Code Optimization, 2012
- The gem5 simulatorACM SIGARCH Computer Architecture News, 2011
- SPEC CPU2006 benchmark descriptionsACM SIGARCH Computer Architecture News, 2006
- Reducing power with an L0 instruction cache using history-based predictionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other SystemsLecture Notes in Computer Science, 1996