research-article

Public Access

Speculative taint tracking (STT): a comprehensive protection for speculatively accessed data

Authors:

Josep Torrellas,

Christopher W. FletcherAuthors Info & Claims

Communications of the ACM, Volume 64, Issue 12

Pages 105 - 112

https://doi.org/10.1145/3491201

Published: 19 November 2021 Publication History

All formats PDF

Abstract

Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all micro-architectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.

References

[1]

Aciicmez, O., Seifert, J.-P., Koc, C.K. Predicting secret keys via branch prediction. In IACR'06 (2006).

[2]

Aldaya, A.C., Brumley, B.B., ul Hassan, S., García, C. P., Tuveri, N. Port contention for fun and profit. In IACR'18 (2018).

[3]

Andrysco, M., Kohlbrenner, D., Mowery, K., Jhala, R., Lerner, S., Shacham, H. On subnormal floating point and abnormal timing. In S&P'15 (2015).

Digital Library

[4]

Bhattacharyya, A., Sandulescu, A., Neugschwandtner, M., Sorniotti, A., Falsafi, B., Payer, M., Kurmus, A. SMoTherSpectre: Exploiting speculative execution through port contention. In CCS'19 (2019).

Digital Library

[5]

Canella, C., Bulck, J.V., Schwarz, M., Lipp, M., von Berg, B., Ortner, P., Piessens, F., Evtyushkin, D., Gruss, D. A systematic evaluation of transient execution attacks and defenses. In USENIX Security'19 (2019).

[6]

Chrysos, G.Z., Emer, J.S. Memory dependence prediction using store sets. In ISCA'98 (1998).

[7]

Dalton, M., Kannan, H., Kozyrakis, C. Raksha: A flexible information flow architecture for software security. In ISCA'07 (2007).

Digital Library

[8]

Gharachorloo, K., Gupta, A., Hennessy, J. Two techniques to enhance the performance of memory consistency models. In ICPP'91 (1991).

[9]

Goguen, J.A., Meseguer, J. Security policies and security models. In 1982 IEEE Symposium on Security and Privacy (1982).

[10]

Großschädl, J., Oswald, E., Page, D., Tunstall, M. Side-channel analysis of cryptographic software via early-terminating multiplications. In (2009).

[11]

Hennessy, J.L., Patterson, D.A. Computer Architecture: A Quantitative Approach, 6^th edn. Morgan Kaufmann Publishers Inc., 2017.

Digital Library

[12]

Intel. Q2 2018 speculative execution side channel update, 2018. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html.

[13]

Johnson, M. Superscalar Microprocessor Design. Prentice Hall Englewood Cliffs, New Jersey, 1991.

Digital Library

[14]

Kiriansky, V., Lebedev, I.A., Amarasinghe, S.P., Devadas, S., Emer, J. DAWG: A defense against cache timing attacks in speculative execution processors. In MICRO'18 (2018).

[15]

Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., Yarom, Y. Spectre attacks: Exploiting speculative execution. In S&P'19 (2019).

[16]

Lipasti, M.H., Wilkerson, C.B., Shen, J.P. Value locality and load value prediction. In ASPLOS'96 (1996).

Digital Library

[17]

Percival, C. Cache missing for fun and profit. In Proceedings of BSDCan 2005 (2005).

[18]

Reinman, G., Calder, B. Predictive techniques for aggressive load speculation. In MICRO'98 (1998).

[19]

Sabelfeld, A., Myers, A.C. Language-based information-flow security. IEEE J. Sel. Areas Commun. 21, 1 (Jan. 2003), 5--19.

Digital Library

[20]

Schwarz, M., Schwarzl, M., Lipp, M., Gruss, D. Netspectre: Read arbitrary memory over network. In ESORICS'19 (2019).

[21]

Suh, G.E., Lee, J.W., Zhang, D., Devadas, S. Secure program execution via dynamic information flow tracking. In ASPLOS'04 (2004).

Digital Library

[22]

Tiwari, M., Wassel, H.M., Mazloom, B., Mysore, S., Chong, F.T., Sherwood, T. Complete information flow tracking from the gates up. In ASPLOS'09 (2009).

Digital Library

[23]

Tomasulo, R.M. An efficient algorithm for exploiting multiple arithmetic units. IBM J. Res. Dev. 11, 1 (1967), 25--33.

Digital Library

[24]

Van Bulck, J., Minkin, M., Weisse, O., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Wenisch, T.F., Yarom, Y., Strackx, R. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In USENIX Security'18 (2008).

[25]

Yan, M., Choi, J., Skarlatos, D., Morrison, A., Fletcher, C.W., Torrellas, J. InvisiSpec: Making speculative execution invisible in the cache hierarchy. In MICRO'18 (2018).

[26]

Yarom, Y., Falkner, K. Flush+Reload: A high resolution, low noise, L3 cache side-channel attack. In USENIX Security'14 (2014).

[27]

Yu, J., Hsiung, L., Hajj, M.E., Fletcher, C.W. Data oblivious ISA extensions for side channel-resistant and high performance computing. In NDSS'19. https://eprint.iacr.org/2018/808.

[28]

Yu, J., Mantri, N., Torrellas, J., Morrison, A., Fletcher, C.W. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution. In ISCA'20.

[29]

Yu, J., Yan, M., Khyzha, A., Morrison, A., Torrellas, J., Fletcher, C.W. Speculative Taint Tracking (STT): A Formal Analysis. Technical report, University of Illinois at Urbana-Champaign and Tel Aviv University, 2019. http://cwfletcher.net/Content/Publications/Academics/TechReport/stt-formal-tr_micro19.pdf.

Digital Library

Cited By

Yin YCui JZhang J(2024)CPU Address-Leakage Transient Execution Attack Detection and Its CountermeasuresIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.339788043:12(4463-4475)Online publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3397880
Schmidbauer TWendzel SSuga YSakurai KDing XSako K(2022)SoKProceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3517418(546-560)Online publication date: 30-May-2022
https://dl.acm.org/doi/10.1145/3488932.3517418
Guanciale RPaladi NVahidi A(2022)SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00017(109-120)Online publication date: Sep-2022
https://doi.org/10.1109/SEED55351.2022.00017

Index Terms

Speculative taint tracking (STT): a comprehensive protection for speculatively accessed data
1. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Speculative Privacy Tracking (SPT): Leaking Information From Speculative Execution Without Compromising Privacy
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture

Speculative execution attacks put a dangerous new twist on information leakage through microarchitectural side channels. Ordinarily, programmers can reason about leakage based on the program’s semantics, and prevent said leakage by carefully writing the ...
Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data
MICRO '52: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture

Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. Since these attacks first rely on being ...
Speculative precomputation: long-range prefetching of delinquent loads
Special Issue: Proceedings of the 28th annual international symposium on Computer architecture (ISCA '01)

This paper explores Speculative Precomputation, a technique that uses idle thread context in a multithreaded architecture to improve performance of single-threaded applications. It attacks program stalls from data cache misses by pre-computing future ...

Comments

Information & Contributors

Information

Published In

cover image Communications of the ACM

Communications of the ACM Volume 64, Issue 12

December 2021

101 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/3502158

Editor:
Andrew A. Chien
Association for Computing Machinery, New York, NY

Issue’s Table of Contents

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 November 2021

Published in CACM Volume 64, Issue 12

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
16,320
Total Downloads

Downloads (Last 12 months)996
Downloads (Last 6 weeks)106

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yin YCui JZhang J(2024)CPU Address-Leakage Transient Execution Attack Detection and Its CountermeasuresIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.339788043:12(4463-4475)Online publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3397880
Schmidbauer TWendzel SSuga YSakurai KDing XSako K(2022)SoKProceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3517418(546-560)Online publication date: 30-May-2022
https://dl.acm.org/doi/10.1145/3488932.3517418
Guanciale RPaladi NVahidi A(2022)SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00017(109-120)Online publication date: Sep-2022
https://doi.org/10.1109/SEED55351.2022.00017

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents