A Defense Mechanism Against Transient Execution Attacks On SMT Processors

Abstract

Transient execution attack does not affect the state of processor microarchitecture, which breaks the traditional definition of correct execution. It not only brings great challenges to the industrial product security, but also opens up a new research direction for the academic community. This paper proposes a defense mechanism for SMT processors against launching transient execution attacks using shared cache. The main structure includes two parts, a security shadow label and a transient execution cache. In the face of the side channel attacks widely used by transient execution attack, our defense mechanism adds a security shadow label to the memory request from the thread with high security requirement, so that the shared cache can distinguish the cache requests from different security level threads. At the same time, based on the record of security shadow label, the transient execution cache is used to preserve the historical data, so as to realize the repair of the cache state and prevent the modification of the cache state by misspeculated path from being exploited by attackers. Finally, the cache state is successfully guaranteed to be invisible to any attacker’s cache operations. This design only needs one operation similar to the normal memory access, thus reducing the memory access pressure. Compared with the existing defense schemes, our scheme can effectively prevent Spectre attack, and the overhead of performance is only 3.9%.