research-article

Open access

Conditional address propagation: an efficient defense mechanism against transient execution attacks

Authors:

Dan MengAuthors Info & Claims

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

Pages 547 - 552

https://doi.org/10.1145/3489517.3530679

Published: 23 August 2022 Publication History

Abstract

Speculative execution is a critical technique in modern high performance processors. However, continuously exposed transient execution attacks, including Spectre and Meltdown, disclosed a large attack surface in mispredicted execution. Current state-of-the-art defense strategy blocks all memory accesses that use addresses loaded speculatively. However, propagation of base addresses is common in general applications and we find that more than 60% blocked memory accesses use propagated base rather than offset addresses. Therefore, we propose a novel hardware defense mechanism, named Conditional Address Propagation, to identify safe base addresses through taint tracking and address checking by a History Table. Then, the safe base addresses are allowed to be propagated to retrieve performance. For remaining unsafe addresses, they cannot be propagated for security. We constructed experiments on cycle-accurate Gem5 simulator. Compared to the representative study, STT, our mechanism effectively decreases the performance overhead from 13.27% to 1.92% targeting Spectre-type and 19.66% to 5.23% targeting all-type cache-based transient execution attacks.

References

[1]

Jamison Collins and otheres. 2002. Pointer cache assisted prefetching. In MICRO.

[2]

Townley Daniel and Ponomarev Dmitry. 2019. SMT-COP: Defeating Side-Channel Attacks on Execution Units in SMT Processors. In PACT.

[3]

Jacob Fustos, Farzad Farshchi, and Heechul Yun. 2019. SpectreGuard: An Efficient Data-centric Defense Mechanism against Spectre Attacks. In DAC.

[4]

Zhichao Hua, Dong Du, Yubin Xia, et al. 2018. EPTI: Efficient Defence against Meltdown Attack for Unpatched VMs. In USENIX ATC.

[5]

Khaled N. Khasawneh, Esmaeil Mohammadian Koruyeh, et al. 2019. SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation. In DAC.

[6]

Paul Kocher, Jann Horn, Anders Fogh, et al. 2019. Spectre attacks: Exploiting speculative execution. In S&P.

[7]

Barber Kristin, Bacha Anys, Zhou Li, et al. 2019. SpecShield: Shielding Speculative Data from Microarchitectural Covert Channels. In PACT.

[8]

Peinan Li, Lutan Zhao, et al. 2019. Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution against Spectre Attacks. In HPCA.

[9]

Lipp Moritz, Schwarz Michael, Gruss Daniel, et al. 2018. Meltdown: Reading Kernel Memory from User Space. In USENIX Security.

[10]

Michael Schwarz, Moritz Lipp, Daniel Moghimi, et al. 2019. ZombieLoad: Cross-Privilege-Boundary Data Sampling. In CCS. 1--16.

[11]

Michael Schwarz, Martin Schwarzl, Moritz Lipp, Jon Masters, and Daniel Gruss. 2019. NetSpectre: Read Arbitrary Memory over Network. In ESORICS.

[12]

Mohammadkazem Taram, Ashish Venkat, et al. 2019. Context-Sensitive Fencing: Securing speculative execution via microcode customization. In ASPLOS.

[13]

Jo Van Bulck et al. 2020. LVI: Hijacking transient execution through microarchitectural load value injection. In S&P.

[14]

Ofir Weisse, Ian Neal, Kevin Loughlin, Thomas F Wenisch, and Baris Kasikci. 2019. NDA: Preventing speculative execution attacks at their source. In Micro.

Digital Library

[15]

Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, et al. 2018. InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy. In Micro.

[16]

Jiyong Yu, Namrata Mantri, et al. 2020. Speculative data-oblivious execution: Mobilizing safe prediction for safe and efficient speculative execution. In ISCA.

[17]

Jiyong Yu, Mengjia Yan, Artem Khyzha, et al. 2019. Speculative Taint Tracking (STT): A comprehensive protection for speculatively accessed data. In Micro.

Cited By

She CChen LShi G(2023)DPFCFI: A Hardware-Based Forward Control-Flow Integrity for Architecture and Microarchitecture2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00089(431-438)Online publication date: 21-Dec-2023
https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00089

Recommendations

Exploiting instruction level parallelism in the presence of conditional branches
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium - Volume 12

Attacks which exploit memory programming errors (such as buffer overflows) are one of today's most serious security threats. These attacks require an attacker to have an in-depth understanding of the internal details of a victim program, including the ...
Repairing return address stack for buffer overflow protection
CF '04: Proceedings of the 1st conference on Computing frontiers

Although many defense mechanisms against buffer overflow attacks have been proposed, buffer overflow vulnerability in software is still one of the most prevalent vulnerabilities exploited. This paper proposes a micro-architecture based defense mechanism ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

July 2022

1462 pages

ISBN:9781450391429

DOI:10.1145/3489517

General Chair:
Rob Oshana
NXP

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

SIGDA: ACM Special Interest Group on Design Automation
IEEE CEDA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Check for updates

Qualifiers

Research-article

Funding Sources

The National Science Fund for Distinguished Young Scholars

Conference

DAC '22

Sponsor:

SIGDA

DAC '22: 59th ACM/IEEE Design Automation Conference

July 10 - 14, 2022

California, San Francisco

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
492
Total Downloads

Downloads (Last 12 months)269
Downloads (Last 6 weeks)24

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

She CChen LShi G(2023)DPFCFI: A Hardware-Based Forward Control-Flow Integrity for Architecture and Microarchitecture2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00089(431-438)Online publication date: 21-Dec-2023
https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom59178.2023.00089

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents