HyBP: Hybrid Isolation-Randomization Secure Branch Predictor
- 1 April 2022
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Recently exposed vulnerabilities reveal the necessity to improve the security of branch predictors. Branch predictors record history about the execution of different processes, and such information from different processes is stored in the same structure and thus accessible to each other. This leaves attackers with opportunities for malicious training and malicious perception. Physical or logical isolation mechanisms, such as using dedicated tables and flushing during context switches, can provide security but incur non-trivial costs in space and/or execution time. Randomization mechanisms incur the performance cost in a different way: those with higher security add latency to the critical path of the pipeline, while the simpler alternatives leave vulnerabilities to more sophisticated attacks.

This paper proposes HyBP, a practical and effective hybrid protection mechanism for building secure branch predictors. The design applies physical isolation and randomization in the right components to achieve the best of both worlds. We propose to protect the smaller tables with physical isolation based on the (thread, privilege) combination, and to protect the large tables with randomization. Surprisingly, the physical isolation also significantly enhances the security of the last-level tables by naturally filtering out accesses, reducing the information flow to these bigger tables. As a result, key changes can happen less frequently and be performed conveniently at context switches. Moreover, we propose a latency-hiding design for a strong cipher by precomputing the "code book" with a validated, cryptographically strong cipher. Overall, our design incurs a performance penalty of 0.5% compared to 5.1% of physical isolation under the default context switching interval in Linux.
Funding Information
- Chinese Academy of Sciences
- National Science Fund for Distinguished Young Scholars
This publication has 33 references indexed in Scilit.