ConTExT: A Generic Approach for Mitigating Spectre

Michael Schwarz, Moritz Lipp, Claudio Alberto Canella, Robert Schilling, Florian Kargl, Daniel Gruß

Publication: Contribution to book/report/conference proceedings, Contribution to conference proceedings, Peer-reviewed


Out-of-order execution and speculative execution are among the biggest contributors to performance and efficiency of modern processors. However, they are inconsiderate, leaking secret data during the transient execution of instructions. Many solutions and hardware fixes have been proposed for mitigating transient-execution attacks. However, they either do not eliminate the leakage entirely or introduce unacceptable performance penalties.

In this paper, we propose ConTExT, a Considerate Transient Execution Technique. ConTExT is a minimal and fully backward compatible architecture change. The basic idea of ConTExT is that secrets can enter registers but not transiently leave them. ConTExT transforms Spectre from a problem that cannot be solved purely in software, to a problem that is not easy to solve, but solvable in software. For this, ConTExT requires minimal, fully backward-compatible modifications of applications, compilers, operating systems, and the hardware. ConTExT offers full protection for secrets in memory and secrets in registers. With ConTExT-light, we propose a software-only solution of ConTExT for existing commodity CPUs protecting secrets in memory. We evaluate the security and performance of ConTExT. Even when over-approximating with ConTExT-light, we observe no performance overhead for unprotected code and data, and an overhead between 0% and 338% for security-critical applications while protecting against all Spectre variants.

Title: Network and Distributed System Security Symposium 2020
Publication status: Published - Feb. 2020
Event: Network and Distributed System Security Symposium 2020 - San Diego, USA / United States
Duration: 23 Feb. 2020 to 26 Feb. 2020


Conference: Network and Distributed System Security Symposium 2020
Country/Territory: USA / United States
City: San Diego

ASJC Scopus subject areas

  • Computer Science (all)

