Speculative execution techniques have been a cornerstone of modern processors
to improve instruction-level parallelism. However, recent studies have shown
that these techniques can be exploited by attackers to leak secret data via
transient execution attacks, such as Spectre. Many defenses have been proposed
to address this problem, but they all face various challenges: (1) tracking
data flow in the instruction pipeline could comprehensively address this
problem, but it could cause pipeline stalls and incur high performance
overhead; (2) making the side effects of speculative execution imperceptible to
attackers often needs additional storage components and complicated data
movement operations. In this paper, we propose a label-based transparent speculation
scheme called SpecBox. It dynamically partitions the cache system to isolate
speculative data and non-speculative data, which can prevent transient
execution from being observed by subsequent execution. Moreover, it uses thread
ownership semaphores to prevent speculative data from being accessed across
cores. In addition, SpecBox also enhances the auxiliary components in the cache
system, such as the hardware prefetcher, against transient execution attacks. Our
security analysis shows that SpecBox is secure and the performance evaluation
shows that the performance overhead on SPEC CPU 2006 and PARSEC-3.0 benchmarks
is small.
