unXpec: Breaking Undo-based Safe Speculation

conference paper
conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE) in 2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)

p. 98-112
https://doi.org/10.1109/hpca53966.2022.00016

Abstract

Speculative execution attacks exploiting speculative execution to leak secrets have aroused significant concerns in both industry and academia. They mainly exploit covert or side channels over microarchitectural states left by mis-speculated and squashed instructions (i.e., transient instructions). Most such attacks target cache states. Existing cache-based defenses against speculative execution attacks fall into two categories, Invisible and Undo. Most Invisible defenses buffer execution metadata of speculative instructions and place them into the cache only if the speculatively executed instructions become determined. Motivated by the fact that mis-speculations are rare cases, Undo defenses allow speculative instructions to modify cache states. Upon a mis-speculation, they rollback cache states to the ones prior to the execution of transient instructions. However, Invisible defenses have been recently found insecure by the speculative interference attack. This calls for a deep security inspection of Undo defenses against speculative execution attacks.In this paper, we present unXpec as the first attack against Undo-based safe speculation. It exploits the secret-dependent timing channel exhibited through the rollback operations of Undo defenses. Specifically, the rollback process requires both invalidating cache lines brought into the cache by transient instructions and restoring evicted cache lines from the cache by transiently loaded data. This opens up a channel that encodes secret via the timing difference between when rollback involves much invalidation and restoration or not. We further leverage eviction sets to enforce more restoration operations. This yields a longer rollback time and thus a larger secret-dependent timing difference. We demonstrate the timing channel over the open-source CleanupSpec, a representative Undo solution. A single transient load can trigger a secret-dependent timing difference of 22 cycles (without eviction sets) of 32 cycles (with eviction sets), which is sufficiently exploitable for constructing a covert channel for speculative execution attacks. We run unXpec on the gem5 simulator with CleanupSpec enabled. The results show that unXpec can leak secrets at a high rate of 140 Kbps with an accuracy over 90%. Simply enforcing constant-time rollback to mitigate unXpec may induce an over 70% performance overhead.

Keywords

This publication has 26 references indexed in Scilit:

SPEC CPU2017
Published by Association for Computing Machinery (ACM) ,2018
Are Coherence Protocol States Vulnerable to Information Leakage?
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2018
Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Published by Internet Society ,2017
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware
Journal of Cryptographic Engineering, 2016
The Spy in the Sandbox
Published by Association for Computing Machinery (ACM) ,2015
Last-Level Cache Side-Channel Attacks are Practical
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2015
Non-monopolizable caches
ACM Transactions on Architecture and Code Optimization, 2012
The gem5 simulator
ACM SIGARCH Computer Architecture News, 2011
Efficient Cache Attacks on AES, and Countermeasures
Journal of Cryptology, 2009
Reducing Timing Channels with Fuzzy Time
Journal of Computer Security, 1992

Cited by 4 articles