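@inproceedings{f29e803c2a9749d68ccb07e0b7898ff4,
  author    = {Hu, Guangyuan and He, Zecheng and Lee, Ruby B.},
  title     = {{SoK}: Hardware Defenses Against Speculative Execution Attacks},
  booktitle = {Proceedings - 2021 International Symposium on Secure and Private Execution Environment Design, {SEED} 2021},
  series    = {Proceedings - 2021 International Symposium on Secure and Private Execution Environment Design, {SEED} 2021},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  address   = {United States},
  year      = {2021},
  pages     = {108--120},
  doi       = {10.1109/SEED51797.2021.00023},
  language  = {English (US)},
  keywords  = {Hardware Security, Speculative Execution Attacks},
  abstract  = {Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a covert channel. While software patches can be installed for mitigation on existing hardware, these solutions can incur big performance overhead. Hardware mitigation is being studied extensively by the computer architecture community. It has the benefit of preserving software compatibility and the potential for much smaller performance overhead than software solutions. This paper presents a systematization of the hardware defenses against speculative execution attacks that have been proposed. We show that speculative execution attacks consist of 6 critical attack steps. We propose defense strategies, each of which prevents a critical attack step from happening, thus preventing the attack from succeeding. We then summarize 20 hardware defenses and overhead-reducing features that have been proposed. We show that each defense proposed can be classified under one of our defense strategies, which also explains why it can thwart the attack from succeeding. We discuss the scope of the defenses, their performance overhead, and the security-performance trade-offs that can be made.},
  note      = {Funding Information: Future work can consider new attacks and defenses, using and adding to our taxonomies of attacks and defenses. New defenses can be proposed to reduce the performance overhead and/or cover more attack types. For fair comparisons, new defenses should compare their performance with those that target the same set of exploited vulnerabilities, secret accesses and covert channels. Acknowledgements. This work was supported in part by NSF SaTC \#1814190, SRC Hardware Security \#2844 and a Qualcomm Faculty Award for Prof. Lee. We thank Shuwen Deng and Jakub Szefer for help with initial performance numbers. Publisher Copyright: {\textcopyright} 2021 IEEE.; 1st International Symposium on Secure and Private Execution Environment Design, {SEED} 2021 ; Conference date: 20-09-2021 Through 21-09-2021},
}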