Abstract
Attacks exploiting speculative execution, known as Spectre attacks, have gained substantial attention in the scientific community and in industry, with a broad range of defense techniques proposed. In particular, in-software defenses for commodity systems attempt to leave the program structure as is, but defuse every potential Spectre gadget by, e.g., stopping the speculation or limiting value ranges. While these mitigations disrupt the program flow on every conditional branch, they still contain every single conditional branch instruction.

In this paper, we show that one dimension of Spectre mitigations has been overlooked entirely. We explore a novel principled Spectre mitigation that sits at the other end of the scale: the absence of conditional and indirect branches. Our mitigation is based on automatically linearizing the program flow through a special compiler pass, eliminating all conditional and indirect branches. We show that our Spectre mitigation has very clear security guarantees. We explore the feasibility of this unorthodox approach and evaluate its performance in comparison to the more conservative approaches presented so far. We observe that the performance overhead can be low, e.g., 5 %, for certain use cases, being on par with state-of-the-art mitigations, but very high for other use cases, e.g., an overhead factor of 1000. Our results demonstrate the feasibility of Spectre defenses that eliminate branches and indicate that good performance-security trade-offs for Spectre defenses can be achieved by sticking to neither of the extremes.
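
To make the idea of linearizing program flow concrete, the following added example (not code from the paper and not the output of its compiler pass) rewrites a bounds-checked table lookup by hand so that the check becomes a data dependency instead of a conditional branch. The function names, the table contents and the `len >= 1` precondition are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if a < b (unsigned), else 0, using only arithmetic and
 * bitwise operations, so the comparison itself needs no branch. */
static uint64_t lt_bit(uint64_t a, uint64_t b) {
    return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63;
}

/* Original shape: the bounds check is a conditional branch that the
 * CPU may predict, so the load can run speculatively with a bad idx. */
uint8_t lookup_branchy(const uint8_t *tbl, uint64_t len, uint64_t idx) {
    if (idx < len)
        return tbl[idx];
    return 0;
}

/* Linearized shape: one straight-line path for every input. The index
 * is forced to 0 and the result to 0 when idx is out of bounds.
 * Assumption: len >= 1, so tbl[0] is always a valid load. */
uint8_t lookup_linear(const uint8_t *tbl, uint64_t len, uint64_t idx) {
    uint64_t mask = 0 - lt_bit(idx, len);  /* all ones iff idx < len */
    uint64_t safe = idx & mask;            /* data dependency, no branch */
    return (uint8_t)(tbl[safe] & mask);
}

/* Harness only (it does use branches): checks that both shapes agree
 * on constructed in-bounds and out-of-bounds indices. */
int lookups_agree(void) {
    static const uint8_t tbl[4] = {0x11, 0x22, 0x33, 0x44};
    static const uint64_t probes[] = {0, 1, 3, 4, 5, 1000, UINT64_MAX};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (lookup_branchy(tbl, 4, probes[i]) != lookup_linear(tbl, 4, probes[i]))
            return 0;
    return 1;
}

int main(void) {
    printf("shapes agree: %d\n", lookups_agree());
    return 0;
}
```

A C compiler is free to turn source-level branch-free code back into branches (or the reverse), so the generated assembly has to be inspected before relying on a hand rewrite like this.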
Original language | English |
---|---|
Title | Financial Cryptography and Data Security - 25th International Conference, FC 2021, Revised Selected Papers |
Editors | Nikita Borisov, Claudia Diaz |
Pages | 293-310 |
Number of pages | 18 |
ISBN (electronic) | 978-3-662-64322-8 |
DOIs | |
Publication status | Published - 2021 |
Event | 25th International Conference on Financial Cryptography and Data Security: FC 2021 - Virtual conference, Virtual. Duration: 1 March 2021 → 5 March 2021 https://fc21.ifca.ai/ |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 12674 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (electronic) | 1611-3349 |
Conference
Conference | 25th International Conference on Financial Cryptography and Data Security |
---|---|
Location | Virtual |
Period | 1/03/21 → 5/03/21 |
Internet address |
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science
Projects
- 1 Finished
EU - SOPHIA - Securing Software against Physical Attacks
Mangard, S. (Participant (Co-Investigator))
1/09/16 → 31/12/21
Project: Research project