NDA
| Autor: | Thomas F. Wenisch, Kevin Loughlin, Ofir Weisse, Ian Neal, Baris Kasikci |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
010302 applied physics
Exploit Computer science Speculative execution Covert channel 02 engineering and technology Dynamic priority scheduling Computer security computer.software_genre 01 natural sciences 020202 computer hardware & architecture 0103 physical sciences 0202 electrical engineering electronic engineering information engineering Key (cryptography) Code (cryptography) Cache computer Block (data storage) |
| Zdroj: | MICRO |
| DOI: | 10.1145/3352460.3358306 |
| Popis: | Speculative execution attacks like Meltdown and Spectre work by accessing secret data in wrong-path execution. Secrets are then transmitted and recovered by the attacker via a covert channel. Existing mitigations either require code modifications, address only specific exploit techniques, or block only the cache covert channel. Rather than battling exploit techniques and covert channels one by one, we seek to close off speculative execution attacks at their source. Our key observation is that these attacks require a chain of dependent wrong-path instructions to access and transmit secret data. We propose NDA, a technique to restrict speculative data propagation. NDA breaks the attacks' wrong-path dependence chains while still allowing speculation and dynamic scheduling. We describe a design space of NDA variants that differ in the constraints they place on dynamic scheduling and the classes of speculative execution attacks they prevent. NDA preserves much of the performance advantage of out-of-order execution: on SPEC CPU 2017, NDA variants close 68-96% of the performance gap between in-order and unconstrained (insecure) out-of-order execution. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|