Speculative taint tracking (STT)
- 19 November 2021
- journal article
- editorial
- Published by Association for Computing Machinery (ACM) in Communications of the ACM
- Vol. 64 (12), 105-112
- https://doi.org/10.1145/3491201
Abstract
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all micro-architectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.Funding Information
- National Science Foundation (1816226)
This publication has 11 references indexed in Scilit:
- Speculative Taint Tracking (STT)Published by Association for Computing Machinery (ACM) ,2019
- Spectre Attacks: Exploiting Speculative ExecutionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2019
- On Subnormal Floating Point and Abnormal TimingPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Complete information flow tracking from the gates upPublished by Association for Computing Machinery (ACM) ,2009
- Secure program execution via dynamic information flow trackingPublished by Association for Computing Machinery (ACM) ,2004
- Language-based information-flow securityIEEE Journal on Selected Areas in Communications, 2003
- Predictive techniques for aggressive load speculationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Value locality and load value predictionPublished by Association for Computing Machinery (ACM) ,1996
- Security Policies and Security ModelsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1982
- An Efficient Algorithm for Exploiting Multiple Arithmetic UnitsIBM Journal of Research and Development, 1967