Half&Half:揭秘英特尔的定向分支预测器，实现快速、安全的分区执行

2023 IEEE Symposium on Security and Privacy (SP) Pub Date : 2023-05-01 DOI:10.1109/SP46215.2023.10179309

Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, D. Stefan, D. Tullsen

{"title":"Half&Half:揭秘英特尔的定向分支预测器，实现快速、安全的分区执行","authors":"Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, D. Stefan, D. Tullsen","doi":"10.1109/SP46215.2023.10179309","DOIUrl":null,"url":null,"abstract":"This paper presents Half&Half, a novel software defense against branch-based side-channel attacks. Half&Half isolates the effects of different protection domains on the conditional branch predictors (CBPs) in modern Intel processors. This work presents the first exhaustive analysis of modern conditional branch prediction structures, and reveals for the first time an unknown opportunity to physically partition all CBP structures and completely prevent leakage between two domains using the shared predictor. Half&Half is a software-only solution to branch predictor isolation that requires no changes to the hardware or ISA, and only requires minor modifications to be supported in existing compilers. We implement Half&Half in the LLVM and WebAssembly compilers and show that it incurs an order of magnitude lower overhead compared to the current state-of-the-art branch-based side-channel defenses.","PeriodicalId":439989,"journal":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution\",\"authors\":\"Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, D. Stefan, D. Tullsen\",\"doi\":\"10.1109/SP46215.2023.10179309\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper presents Half&Half, a novel software defense against branch-based side-channel attacks. Half&Half isolates the effects of different protection domains on the conditional branch predictors (CBPs) in modern Intel processors. This work presents the first exhaustive analysis of modern conditional branch prediction structures, and reveals for the first time an unknown opportunity to physically partition all CBP structures and completely prevent leakage between two domains using the shared predictor. Half&Half is a software-only solution to branch predictor isolation that requires no changes to the hardware or ISA, and only requires minor modifications to be supported in existing compilers. We implement Half&Half in the LLVM and WebAssembly compilers and show that it incurs an order of magnitude lower overhead compared to the current state-of-the-art branch-based side-channel defenses.\",\"PeriodicalId\":439989,\"journal\":{\"name\":\"2023 IEEE Symposium on Security and Privacy (SP)\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE Symposium on Security and Privacy (SP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SP46215.2023.10179309\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP46215.2023.10179309","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

本文提出了一种针对分支侧信道攻击的新型防御软件Half&Half。Half&Half隔离了现代英特尔处理器中不同保护域对条件分支预测器(CBPs)的影响。这项工作首次对现代条件分支预测结构进行了详尽的分析，并首次揭示了一个未知的机会，即使用共享预测器对所有CBP结构进行物理分区，并完全防止两个域之间的泄漏。Half&Half是一个分支预测器隔离的纯软件解决方案，不需要更改硬件或ISA，只需要在现有编译器中支持少量修改。我们在LLVM和WebAssembly编译器中实现了Half&Half，并表明与当前最先进的基于分支的侧通道防御相比，它的开销降低了一个数量级。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution

This paper presents Half&Half, a novel software defense against branch-based side-channel attacks. Half&Half isolates the effects of different protection domains on the conditional branch predictors (CBPs) in modern Intel processors. This work presents the first exhaustive analysis of modern conditional branch prediction structures, and reveals for the first time an unknown opportunity to physically partition all CBP structures and completely prevent leakage between two domains using the shared predictor. Half&Half is a software-only solution to branch predictor isolation that requires no changes to the hardware or ISA, and only requires minor modifications to be supported in existing compilers. We implement Half&Half in the LLVM and WebAssembly compilers and show that it incurs an order of magnitude lower overhead compared to the current state-of-the-art branch-based side-channel defenses.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 IEEE Symposium on Security and Privacy (SP)

自引率

0.00%

发文量

期刊最新文献

TeSec: Accurate Server-side Attack Investigation for Web Applications PLA-LiDAR: Physical Laser Attacks against LiDAR-based 3D Object Detection in Autonomous Vehicle One Key to Rule Them All: Secure Group Pairing for Heterogeneous IoT Devices SoK: Cryptographic Neural-Network Computation SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses