cispa_all_4059.pdf (651 kB)

Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv

Download (651 kB)
conference contribution
posted on 2024-03-05, 12:22 authored by Markus Bauer, Lorenz Andreas HetterichLorenz Andreas Hetterich, Christian RossowChristian Rossow, Michael SchwarzMichael Schwarz

Spectre-BTB, also known as Spectre Variant 2, is often considered the most dangerous Spectre variant. While there are widely-deployed software workarounds on x86, such as Retpoline, there are no automated software workarounds for protecting generic userspace applications on ARMv8. Moreover, hardware solutions do not consider in-place mistraining or variants such as branch-history injection (Spectre-BHI), also known as Spectre-BHB. In this paper, we introduce Switchpoline, the first automated Spectre-BTB and Spectre-BHB software workaround protecting C and C++ userspace applications on ARMv8 against all variants of Spectre-BTB and Spectre-BHB. The main security of Switchpoline is that eliminating indirect branches eliminates attacks on indirect branches. Switchpoline is based on a static compiler pass and a dynamic just-in-time (JIT) compiler component that rewrite indirect control-flow transfers into direct control-flow transfers. Switchpoline successfully prevents Spectre-BTB and Spectre-BHB in userspace applications with a negligible mean performance overhead of 1.8 % measured in the SPEC CPU 2017 benchmark. Moreover, unlike many x86-specific mitigations, Switchpoline is compatible with existing orthogonal defenses, such as (hardware) CFI or Spectre-PHT mitigations. Hence, Switchpoline is a practical generic software mitigation on ARMv8.


Preferred Citation

Markus Bauer, Lorenz Hetterich, Christian Rossow, Michael Schwarz. Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv. In: ASIACCS Singapore. 2024.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

ASIACCS Singapore

Legacy Posted Date



@inproceedings{cispa_all_4059, author = {Markus Bauer AND Lorenz Hetterich AND Christian Rossow AND Michael Schwarz}, title = {Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv}, booktitle = {ASIACCS Singapore}, year = {2024} }

Usage metrics


    No categories selected



    Ref. manager