A Defense Mechanism Against Transient Execution Attacks On SMT Processors
- 1 January 2021
- journal article
- Published by Institute of Electronics, Information and Communications Engineers (IEICE) in IEICE Electronics Express
Abstract
Transient execution attack does not affect the state of processor microarchitecture, which breaks the traditional definition of correct execution. It not only brings great challenges to the industrial product security, but also opens up a new research direction for the academic community. This paper proposes a defense mechanism for SMT processors against launching transient execution attacks using shared cache. The main structure includes two parts, a security shadow label and a transient execution cache. In the face of the side channel attacks widely used by transient execution attack, our defense mechanism adds a security shadow label to the memory request from the thread with high security requirement, so that the shared cache can distinguish the cache requests from different security level threads. At the same time, based on the record of security shadow label, the transient execution cache is used to preserve the historical data, so as to realize the repair of the cache state and prevent the modification of the cache state by misspeculated path from being exploited by attackers. Finally, the cache state is successfully guaranteed to be invisible to any attacker’s cache operations. This design only needs one operation similar to the normal memory access, thus reducing the memory access pressure. Compared with the existing defense schemes, our scheme can effectively prevent Spectre attack, and the overhead of performance is only 3.9%.Keywords
This publication has 21 references indexed in Scilit:
- How secure is your cache against side-channel attacks?Published by Association for Computing Machinery (ACM) ,2017
- Cache Attacks on Intel SGXPublished by Association for Computing Machinery (ACM) ,2017
- CacheBleed: a timing attack on OpenSSL constant-time RSAJournal of Cryptographic Engineering, 2017
- Towards More Practical Time-Driven Cache AttacksLecture Notes in Computer Science, 2014
- The gem5 simulatorACM SIGARCH Computer Architecture News, 2011
- New Results on Instruction Cache AttacksLecture Notes in Computer Science, 2010
- SPEC CPU2006 benchmark descriptionsACM SIGARCH Computer Architecture News, 2006
- Cache Attacks and Countermeasures: The Case of AESLecture Notes in Computer Science, 2006
- Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other SystemsLecture Notes in Computer Science, 1996
- An Efficient Algorithm for Exploiting Multiple Arithmetic UnitsIBM Journal of Research and Development, 1967