@inproceedings{5b5ea36c3f1b418b946e68649d6eb160,
title = "New Models for Understanding and Reasoning about Speculative Execution Attacks",
abstract = "Spectre and Meltdown attacks and their variants exploit hardware performance optimization features to cause security breaches. Secret information is accessed and leaked through covert or side channels. New attack variants keep appearing and we do not have a systematic way to capture the critical characteristics of these attacks and evaluate why they succeed or fail.In this paper, we provide a new attack-graph model for reasoning about speculative execution attacks. We model attacks as ordered dependency graphs, and prove that a race condition between two nodes can occur if there is a missing dependency edge between them. We define a new concept, 'security dependency', between a resource access and its prior authorization operation. We show that a missing security dependency is equivalent to a race condition between authorization and access, which is a root cause of speculative execution attacks. We show detailed examples of how our attack graph models the Spectre and Meltdown attacks, and is generalizable to all the attack variants published so far. This attack model is also very useful for identifying new attacks and for generalizing defense strategies. We identify several defense strategies with different performance-security tradeoffs. We show that the defenses proposed so far all fit under one of our defense strategies. We also explain how attack graphs can be constructed and point to this as promising future work for tool designers.",
keywords = "Hardware security, cache, covert channel, delayed exceptions, graph model, prediction, race condition, security dependency, side channel, speculative execution attacks",
author = "Zecheng He and Guangyuan Hu and Ruby Lee",
note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 27th Annual IEEE International Symposium on High Performance Computer Architecture, HPCA 2021 ; Conference date: 27-02-2021 Through 01-03-2021",
year = "2021",
month = feb,
doi = "10.1109/HPCA51647.2021.00014",
language = "English (US)",
series = "Proceedings - International Symposium on High-Performance Computer Architecture",
publisher = "IEEE Computer Society",
pages = "40--53",
booktitle = "Proceeding - 27th IEEE International Symposium on High Performance Computer Architecture, HPCA 2021",
address = "United States",
}