New Models for Understanding and Reasoning about Speculative Execution Attacks

Zecheng He, Guangyuan Hu, Ruby Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Spectre and Meltdown attacks and their variants exploit hardware performance optimization features to cause security breaches. Secret information is accessed and leaked through covert or side channels. New attack variants keep appearing and we do not have a systematic way to capture the critical characteristics of these attacks and evaluate why they succeed or fail. In this paper, we provide a new attack-graph model for reasoning about speculative execution attacks. We model attacks as ordered dependency graphs, and prove that a race condition between two nodes can occur if there is a missing dependency edge between them. We define a new concept, 'security dependency', between a resource access and its prior authorization operation. We show that a missing security dependency is equivalent to a race condition between authorization and access, which is a root cause of speculative execution attacks. We show detailed examples of how our attack graph models the Spectre and Meltdown attacks, and is generalizable to all the attack variants published so far. This attack model is also very useful for identifying new attacks and for generalizing defense strategies. We identify several defense strategies with different performance-security tradeoffs. We show that the defenses proposed so far all fit under one of our defense strategies. We also explain how attack graphs can be constructed and point to this as promising future work for tool designers.

Original language: English (US)
Title of host publication: Proceeding - 27th IEEE International Symposium on High Performance Computer Architecture, HPCA 2021
Publisher: IEEE Computer Society
Pages: 40-53
Number of pages: 14
ISBN (Electronic): 9780738123370
State: Published - Feb 2021
Event: 27th Annual IEEE International Symposium on High Performance Computer Architecture, HPCA 2021 - Virtual, Seoul, Korea, Republic of
Duration: Feb 27 2021 - Mar 1 2021

Publication series

Name: Proceedings - International Symposium on High-Performance Computer Architecture
Volume: 2021-February
ISSN (Print): 1530-0897

Conference

Conference: 27th Annual IEEE International Symposium on High Performance Computer Architecture, HPCA 2021
Country/Territory: Korea, Republic of
City: Virtual, Seoul
Period: 2/27/21 - 3/1/21

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture

Keywords

  • Hardware security
  • cache
  • covert channel
  • delayed exceptions
  • graph model
  • prediction
  • race condition
  • security dependency
  • side channel
  • speculative execution attacks
