CISPA
Browse

Beyond Over-Protection: A Targeted Approach to Spectre Mitigation and Performance Optimization

Download (1.8 MB)
conference contribution
posted on 2024-07-17, 11:26 authored by Tiziano MarinaroTiziano Marinaro, Pablo Buiras, Andreas Lindner, Roberto Guanciale, Hamed Nemati
Since the advent of Spectre attacks, researchers and practitioners have developed a range of hardware and software measures to counter transient execution attacks. A prime example of such mitigation is speculative load hardening (slh) in LLVM, which protects against leaks by tracking the speculation state and masking values during misspeculation. LLVM relies on static analysis to harden programs using slh that often results in over-protection, which incurs performance overhead. We extended an existing side-channel model validation framework, Scam-V, to check the vulnerability of programs to Spectre-PHT attacks and optimize the protection of programs using the slh approach. We illustrate the efficacy of Scam-V by first demonstrating that it can automatically identify Spectre vulnerabilities in programs, e.g., fragments of crypto-libraries. We then develop an optimization mechanism to validate the necessity of slh hardening w.r.t. the target platform. Our experiments showed that hardening introduced by LLVM in most cases could be improved when the underlying microarchitecture properties are considered.

History

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

ACM ASIA Conference on Computer and Communications Security (AsiaCCS)

Journal

Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Page Range

203–216-203–216

Publisher

Association for Computing Machinery

Open Access Type

  • Unknown

BibTeX

@conference{Marinaro:Buiras:Lindner:Guanciale:Nemati:2024, title = "Beyond Over-Protection: A Targeted Approach to Spectre Mitigation and Performance Optimization", author = "Marinaro, Tiziano" AND "Buiras, Pablo" AND "Lindner, Andreas" AND "Guanciale, Roberto" AND "Nemati, Hamed", year = 2024, month = 7, journal = "Proceedings of the 19th ACM Asia Conference on Computer and Communications Security", pages = "203–216--203–216", publisher = "Association for Computing Machinery", doi = "10.1145/3634737.3637651" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC