Transient State Signaling for Spectre/Meltdown Transient Cache Side-channel Prevention

Zelong Li; Akhilesh Tyagi

doi:10.5220/0011307500003283

Transient State Signaling for Spectre/Meltdown Transient Cache Side-channel Prevention

Zelong Li, Akhilesh Tyagi

2022

Abstract

The discovery of Meltdown and Spectre attacks and their variants showed that speculative execution offers a major attack surface for micro-architectural side channel attacks. The secret data-dependent traces in the CPU’s micro-architectural state are not cleansed which can be exploited by an adversary to reveal victim’s secrets. In this paper, we propose a cache control scheme that cooperates with a novel load store queue(LSQ) unit to nullify the cache side-channel exploited by Meltdown and Spectre attacks and their variants. In our proposed cache scheme, a new saturating reference counter is added to each cache line to hold the number of accesses since its arrival from the higher level of the memory hierarchy. For every squashed (uncommitted) speculative transient load, a corresponding flush request packet is sent to the downstream memory hierarchy. This ensures that any cache line brought into the cache by a transient load is always evicted soon after the corresponding mis-speculation commit. A cache side-channel adversary can no longer detect the existence of a transiently loaded cache block. Our experiment on gem5 shows that by integrating the proposed design, Meltdown and Spectre variants that uses Flush+Reload attack to create the cache covert channel are completely closed.

Download

Paper Citation

in Harvard Style

Li Z. and Tyagi A. (2022). Transient State Signaling for Spectre/Meltdown Transient Cache Side-channel Prevention. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 655-660. DOI: 10.5220/0011307500003283

in Bibtex Style

@conference{secrypt22,
author={Zelong Li and Akhilesh Tyagi},
title={Transient State Signaling for Spectre/Meltdown Transient Cache Side-channel Prevention},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2022},
pages={655-660},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011307500003283},
isbn={978-989-758-590-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Transient State Signaling for Spectre/Meltdown Transient Cache Side-channel Prevention
SN - 978-989-758-590-6
AU - Li Z.
AU - Tyagi A.
PY - 2022
SP - 655
EP - 660
DO - 10.5220/0011307500003283