Mitigating Speculative Execution Attacks via Context-Sensitive Fencing
- 17 February 2022
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Design & Test
- Vol. 39 (4), 49-57
- https://doi.org/10.1109/mdat.2022.3152633
Abstract
This paper presents Context-Sensitive Fencing (CSF), a micro-code-level mitigation for multiple variants of Spectre. CSF leverages the ability to dynamically alter the instruction stream via the decoder, to seamlessly inject new micro-ops, including fences, only when dynamic conditions indicate they are needed. This enables the processor to protect against the attack with minimal impact on the efficacy of key performance features such as speculative execution. This research also examines several alternative fence implementations, and introduces new types of fences which allow most dynamic reorderings of loads and stores while still preventing speculative accesses from changing visible microarchitectural state.Keywords
Funding Information
- Defense Advanced Research Projects Agency (HR0011-18-C-0020)
- Division of Computer and Network Systems (CCF-1823444, CCF-1912608, CNS-1652925, CNS-1850436)
This publication has 6 references indexed in Scilit:
- ConTExT: A Generic Approach for Mitigating SpectrePublished by Internet Society ,2020
- SMoTherSpectrePublished by Association for Computing Machinery (ACM) ,2019
- Speculative Taint Tracking (STT)Published by Association for Computing Machinery (ACM) ,2019
- Context-Sensitive FencingPublished by Association for Computing Machinery (ACM) ,2019
- InvisiSpec: Making Speculative Execution Invisible in the Cache HierarchyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2018
- Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy EfficiencyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2018