INVISIBLE HARDWARE SPECULATION: A COMPREHENSIVE AND EFFICIENT DEFENSE SOLUTION AGAINST SPECULATIVE SIDE CHANNEL ATTACKS
Abstract
Timing side channels caused by speculative execution have opened a new chapter in hardware security. It has been demonstrated that speculative side channel attacks can completely break process isolation, the central component of modern computer security. Speculative side channels exploit two fundamental design principles of hardware processors, i.e. sharing of hardware resources and speculative execution. Nearly all modern processors on the market, by all major processor vendors, are vulnerable to these types of attacks. We propose Invisible Hardware Speculation (IHS for short), a security design principle and a set of associated hardware defense mechanisms, to eliminate speculative side channels while preserve the performance of current processors. IHS completely blocks interference from speculative instructions in one security domain to any instruction in other security domains on the system. Instead of merely considering existing known attacks, we cover future attacks by comprehensively consider potential attacks which can use all kinds of approaches to manipulate speculative execution and use all shared micro-architecture structures to create side channels. We divide hardware processors into a non-speculative world, where all hardware resources are completely shared across security domains to achieve high performance, and a speculative world, where hardware resources are strictly partitioned between security domains to block information leakage caused by speculative instructions. The overall anticipated impact of this research will be holistically secure hardware processors that are resistant to speculative side channel attacks and thus can be trusted by individual users, large organizations and computing platform providers. In addition, we expect that users are able to run unmodified applications securely on IHS-enabled processors with minimal performance overhead.
Document Details
- Document Type
- DoD Grant Award
- Publication Date
- Aug 12, 2021
- Source ID
- FA95502010402
Entities
People
- Mengjia Yan
Organizations
- Air Force Office of Scientific Research
- Massachusetts Institute of Technology
- United States Air Force