unXpec: Breaking Undo-based Safe Speculation
- 1 April 2022
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)
Abstract
Speculative execution attacks exploiting speculative execution to leak secrets have aroused significant concerns in both industry and academia. They mainly exploit covert or side channels over microarchitectural states left by mis-speculated and squashed instructions (i.e., transient instructions). Most such attacks target cache states. Existing cache-based defenses against speculative execution attacks fall into two categories, Invisible and Undo. Most Invisible defenses buffer execution metadata of speculative instructions and place them into the cache only if the speculatively executed instructions become determined. Motivated by the fact that mis-speculations are rare cases, Undo defenses allow speculative instructions to modify cache states. Upon a mis-speculation, they rollback cache states to the ones prior to the execution of transient instructions. However, Invisible defenses have been recently found insecure by the speculative interference attack. This calls for a deep security inspection of Undo defenses against speculative execution attacks.In this paper, we present unXpec as the first attack against Undo-based safe speculation. It exploits the secret-dependent timing channel exhibited through the rollback operations of Undo defenses. Specifically, the rollback process requires both invalidating cache lines brought into the cache by transient instructions and restoring evicted cache lines from the cache by transiently loaded data. This opens up a channel that encodes secret via the timing difference between when rollback involves much invalidation and restoration or not. We further leverage eviction sets to enforce more restoration operations. This yields a longer rollback time and thus a larger secret-dependent timing difference. We demonstrate the timing channel over the open-source CleanupSpec, a representative Undo solution. A single transient load can trigger a secret-dependent timing difference of 22 cycles (without eviction sets) of 32 cycles (with eviction sets), which is sufficiently exploitable for constructing a covert channel for speculative execution attacks. We run unXpec on the gem5 simulator with CleanupSpec enabled. The results show that unXpec can leak secrets at a high rate of 140 Kbps with an accuracy over 90%. Simply enforcing constant-time rollback to mitigate unXpec may induce an over 70% performance overhead.Keywords
This publication has 26 references indexed in Scilit:
- SPEC CPU2017Published by Association for Computing Machinery (ACM) ,2018
- Are Coherence Protocol States Vulnerable to Information Leakage?Published by Institute of Electrical and Electronics Engineers (IEEE) ,2018
- Hello from the Other Side: SSH over Robust Cache Covert Channels in the CloudPublished by Internet Society ,2017
- A survey of microarchitectural timing attacks and countermeasures on contemporary hardwareJournal of Cryptographic Engineering, 2016
- The Spy in the SandboxPublished by Association for Computing Machinery (ACM) ,2015
- Last-Level Cache Side-Channel Attacks are PracticalPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Non-monopolizable cachesACM Transactions on Architecture and Code Optimization, 2012
- The gem5 simulatorACM SIGARCH Computer Architecture News, 2011
- Efficient Cache Attacks on AES, and CountermeasuresJournal of Cryptology, 2009
- Reducing Timing Channels with Fuzzy TimeJournal of Computer Security, 1992