On Value Recomputation to Accelerate Invisible Speculation

02/22/2021
by   Christos Sakalis, et al.
0

Recent architectural approaches that address speculative side-channel attacks aim to prevent software from exposing the microarchitectural state changes of transient execution. The Delay-on-Miss technique is one such approach, which simply delays loads that miss in the L1 cache until they become non-speculative, resulting in no transient changes in the memory hierarchy. However, this costs performance, prompting the use of value prediction (VP) to regain some of the delay. However, the problem cannot be solved by simply introducing a new kind of speculation (value prediction). Value-predicted loads have to be validated, which cannot be commenced until the load becomes non-speculative. Thus, value-predicted loads occupy the same amount of precious core resources (e.g., reorder buffer entries) as Delay-on-Miss. The end result is that VP only yields marginal benefits over Delay-on-Miss. In this paper, our insight is that we can achieve the same goal as VP (increasing performance by providing the value of loads that miss) without incurring its negative side-effect (delaying the release of precious resources), if we can safely, non-speculatively, recompute a value in isolation (without being seen from the outside), so that we do not expose any information by transferring such a value via the memory hierarchy. Value Recomputation, which trades computation for data transfer was previously proposed in an entirely different context: to reduce energy-expensive data transfers in the memory hierarchy. In this paper, we demonstrate the potential of value recomputation in relation to the Delay-on-Miss approach of hiding speculation, discuss the trade-offs, and show that we can achieve the same level of security, reaching 93 baseline performance (5 even an oracular (100

READ FULL TEXT

page 10

page 12

research
05/14/2019

ZombieLoad: Cross-Privilege-Boundary Data Sampling

In early 2018, Meltdown first showed how to read arbitrary kernel memory...
research
06/30/2020

ReversiSpec: Reversible Coherence Protocol for Defending Transient Attacks

The recent works such as InvisiSpec, SafeSpec, and Cleanup-Spec, among o...
research
05/22/2019

ConTExT: Leakage-Free Transient Execution

Out-of-order execution and speculative execution are among the biggest c...
research
03/27/2021

Reducing Load Latency with Cache Level Prediction

High load latency that results from deep cache hierarchies and relativel...
research
05/14/2019

Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs

Meltdown and Spectre exploit microarchitectural changes the CPU makes du...
research
08/24/2021

Transient Execution of Non-Canonical Accesses

Recent years have brought microarchitectural security intothe spotlight,...

Please sign up or login with your details

Forgot password? Click here to reset