Survey of Transient Execution Attacks

05/27/2020
by   Wenjie Xiong, et al.
0

Transient execution attacks, also called speculative execution attacks, have drawn much interest as they exploit the transient execution of instructions, e.g., during branch prediction, to leak data. Transient execution is fundamental to modern computer architectures, yet poses a security risk as has been demonstrated. Since the first disclosure of Spectre and Meltdown attacks in January 2018, a number of new attack types or variants of the attacks have been presented. These attacks have motivated computer architects to rethink the design of processors and propose hardware defenses. This paper summarizes the components and the phases of the transient execution attacks. Each of the components is further discussed and categorized. A set of metrics is proposed for each component to evaluate the feasibility of an attack. Moreover, the data that can be leaked in the attacks are summarized. Further, the existing attacks are compared, and the limitations of these attacks are discussed based on the proposed metrics. In the end, existing mitigations at the micro-architecture level from literature are discussed.

READ FULL TEXT
research
11/13/2018

A Systematic Evaluation of Transient Execution Attacks and Defenses

Modern processor optimizations such as branch prediction and out-of-orde...
research
03/27/2020

SpectreRewind: A Framework for Leaking Secrets to Past Instructions

Transient execution attacks,such as Spectre and Meltdown, utilize micro-...
research
05/29/2019

Fallout: Reading Kernel Writes From User Space

Recently, out-of-order execution, an important performance optimization ...
research
05/22/2019

ConTExT: Leakage-Free Transient Execution

Out-of-order execution and speculative execution are among the biggest c...
research
07/21/2021

Leaking Secrets through Modern Branch Predictor in the Speculative World

Transient execution attacks that exploit speculation have raised signifi...
research
07/18/2021

SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks

Speculative execution techniques have been a cornerstone of modern proce...
research
08/24/2021

Transient Execution of Non-Canonical Accesses

Recent years have brought microarchitectural security intothe spotlight,...

Please sign up or login with your details

Forgot password? Click here to reset