SpectreCheck: An Approach to Detecting Speculative Execution Side Channels in Data Cache
Published In
2020 IEEE International Conference on Embedded Software and Systems
ISBN
978-1-7281-6466-3/20
Document Type
Citation
Publication Date
12-2020
Abstract
Speculative execution has been widely used in modern CPU designs. This technique improves the CPU performance significantly. However, it may introduce the speculative execution side channels which can be exploited by attackers maliciously, such as the well-known Spectre attack. Although Spectre can expose the speculative execution side channels in data cache, it relies heavily on the training of branch predictors and timing analysis of the target physical processor. Thereby, it is difficult to predict if Spectre attack on processors that are under design in the early stage can succeed or not. For future white-box processors under design, how to identify the speculative execution side channels in data cache in the early stage is an important issue. To address this problem, we propose an approach to generating branch directions (including mispredictions) of conditional branch instructions based on Instruction Set Architecture simulation. The predictions of the branch predictor in the processor under design will be guided by these branch directions to trigger the speculative execution side channels in data cache for detection. In our experiments, the RISC-V BOOM processor is used as a case study where the speculative execution side channel in data cache can be detected by our approach.
Index Terms—Speculative Execution, Side Channel, Branch Prediction, Out-of-Order Execution, RISC-V
Keywords: Out of order, Training, Timing, Instruments, Hardware, Tools, Software, Speculative Execution, Side Channel, Branch Prediction, Out-of-Order Execution, RISC-V
Rights
Copyright © 2020 by the Institute of Electrical and Electronics Engineers, Inc.
All rights reserved.
Locate the Document
Non-affiliates can access via their library or the publisher:
https://doi.org/10.1109/ICESS49830.2020.9301601
DOI
10.1109/ICESS49830.2020.9301601
Persistent Identifier
https://archives.pdx.edu/ds/psu/42457
Citation Details
H. Gu, M. Chen, Y. Wang and F. Xie, "SpectreCheck: An Approach to Detecting Speculative Execution Side Channels in Data Cache," 2020 IEEE International Conference on Embedded Software and Systems (ICESS), Shanghai, China, 2020, pp. 1-8, doi: 10.1109/ICESS49830.2020.9301601.