SpectreCheck: An Approach to Detecting Speculative Execution Side Channels in Data Cache
This work was partially supported by the National Key Research and Development Program of China under Grant 2018YFB2101300, the Natural Science Foundation of China under Grant 61872147 and a generous gift from Intel Corporation. Mingsong Chen is the corresponding author.
2020 IEEE International Conference on Embedded Software and Systems (ICESS)
Speculative execution is widely used in modern CPU designs and improves CPU performance significantly. However, it can introduce speculative execution side channels that attackers can exploit, as in the well-known Spectre attack. Although Spectre can expose speculative execution side channels in the data cache, it relies heavily on training the branch predictors and on timing analysis of the target physical processor. It is therefore difficult to predict whether a Spectre attack would succeed against a processor that is still at an early design stage. For future white-box processors under design, identifying speculative execution side channels in the data cache early is an important issue. To address this problem, we propose an approach that generates branch directions (including mis-predictions) for conditional branch instructions based on Instruction Set Architecture simulation. The branch predictor of the processor under design is then guided by these branch directions so that speculative execution side channels in the data cache are triggered and can be detected. In our experiments, the RISC-V BOOM processor is used as a case study, and the speculative execution side channel in its data cache is detected by our approach.
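The workflow the abstract describes, as a small Python model added here for illustration (this is not the authors' tool, which drives the branch predictor of the RISC-V BOOM design itself): an ISA-level simulator runs a Spectre-v1 style gadget and records the true direction of its conditional branch; a second, speculation-aware model is then driven by those directions with one of them flipped to force a mis-prediction, and the data-cache lines it fills only inside the squashed window are reported as the side channel. All addresses, the array contents, the secret byte and the 64-byte line size are constructed assumptions.

```python
LINE_SIZE = 64            # assumed data-cache line size in bytes
ARRAY1_BASE = 0x1000      # constructed address of the bounds-checked array
ARRAY1_SIZE = 16
SECRET_VALUE = 0x2A       # constructed byte lying just past the end of array1
PROBE_BASE = 0x10000      # constructed address of the probe array (Spectre's array2)

# Constructed flat memory image: array1 holds 0..15, followed by one secret byte.
MEMORY = {ARRAY1_BASE + i: i for i in range(ARRAY1_SIZE)}
MEMORY[ARRAY1_BASE + ARRAY1_SIZE] = SECRET_VALUE


def victim(ex, x):
    """Spectre-v1 style gadget: a bounds check guarding a dependent load pair.
    `ex.branch()` decides which way the branch goes; `ex.load()` touches the cache."""
    if ex.branch(x < ARRAY1_SIZE):
        v = ex.load(ARRAY1_BASE + x)
        ex.load(PROBE_BASE + v * LINE_SIZE)


class ArchSim:
    """ISA-level simulator: follows the architectural branch condition and records
    the true direction of every conditional branch it executes."""

    def __init__(self):
        self.directions = []
        self.lines = set()

    def branch(self, cond):
        self.directions.append(cond)
        return cond

    def load(self, addr):
        self.lines.add(addr // LINE_SIZE)
        return MEMORY.get(addr, 0)


class GuidedSpecSim:
    """Speculative model whose branch 'predictor' is driven by a supplied direction
    list. Once a guided direction disagrees with the architectural condition, all
    later loads execute in the mis-predicted window that will be squashed."""

    def __init__(self, directions):
        self.directions = list(directions)
        self.arch_lines = set()
        self.spec_lines = set()
        self.mispredicted = False

    def branch(self, cond):
        guided = self.directions.pop(0)
        if guided != cond:
            self.mispredicted = True
        return guided

    def load(self, addr):
        line = addr // LINE_SIZE
        (self.spec_lines if self.mispredicted else self.arch_lines).add(line)
        return MEMORY.get(addr, 0)


def flip(directions, index):
    """Inject a mis-prediction at branch `index` (the 'including mis-predictions' step)."""
    d = list(directions)
    d[index] = not d[index]
    return d


def detect_side_channel(x):
    """Returns the cache lines filled only inside the squashed window, i.e. the
    data-cache footprint left behind after speculation has been undone."""
    arch = ArchSim()
    victim(arch, x)
    spec = GuidedSpecSim(flip(arch.directions, 0))
    victim(spec, x)
    return sorted(spec.spec_lines - arch.lines)


def leaked_byte(x):
    """If a probe-array line was filled speculatively, its offset encodes the byte
    that the transient load read (the secret, when x is out of bounds)."""
    probe = [l for l in detect_side_channel(x) if l * LINE_SIZE >= PROBE_BASE]
    if not probe:
        return None
    return probe[0] - PROBE_BASE // LINE_SIZE


if __name__ == "__main__":
    print("out-of-bounds x=16:", detect_side_channel(16), "leaks", leaked_byte(16))
    print("in-bounds x=3:", detect_side_channel(3), "leaks", leaked_byte(3))
```

With x = 16 the architectural run takes the not-taken path and touches no cache line, while the guided run, forced onto the taken path, fills one line from array1 and one line of the probe array whose index equals the secret byte; that difference in footprint is what a detection flow of this kind looks for. With an in-bounds x the injected mis-prediction goes the other way and fills nothing extra, so no side channel is reported.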
© 2020 IEEE
Gu, H., Chen, M., Wang, Y., & Xie, F. (2020). SpectreCheck: An Approach to Detecting Speculative Execution Side Channels in Data Cache. Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/icess49830.2020.9301601