Speculation invariance (invarspec): Faster safe execution through program analysis


Bibliographic Details
Main Authors: Zhao, ZN, Ji, H, Yan, M, Yu, J, Fletcher, CW, Morrison, A, Marinov, D, Torrellas, J
Other Authors: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Format: Article
Language: English
Published: IEEE 2021
Online Access: https://hdl.handle.net/1721.1/137793
collection MIT
description © 2020 IEEE Computer Society. All rights reserved. Many hardware-based defense schemes against speculative execution attacks use special mechanisms to protect instructions while speculative, and lift the mechanisms when the instructions turn non-speculative. In this paper, we observe that speculative instructions can sometimes become Speculation Invariant before turning non-speculative. Speculation invariance means that (i) whether the instruction will execute and (ii) the instruction's operands are not a function of speculative state. Hence, we propose to lift the protection mechanisms on these instructions early, when they become speculation invariant, and issue them without protection. As a result, we improve the performance of the defense schemes without changing their security properties. To exploit speculation invariance, we present the InvarSpec framework. InvarSpec includes a program analysis pass that identifies, for each relevant instruction i, the set of older instructions that are Safe for i, i.e., those that do not prevent i from becoming speculation invariant. At runtime, the InvarSpec micro-architecture loads this information and uses it to determine when speculative instructions can be issued without protection. InvarSpec is one of the first defense schemes for speculative execution that combines cooperative compiler and hardware mechanisms. Our evaluation shows that InvarSpec effectively reduces the execution overhead of hardware defense schemes. For example, on SPEC17, it reduces the average execution overhead of fence protections from 195.3% to 108.2%, of Delay-On-Miss from 39.5% to 24.4%, and of InvisiSpec from 15.4% to 10.9%.
Other Authors: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Citation: Zhao, ZN, Ji, H, Yan, M, Yu, J, Fletcher, CW et al. 2020. "Speculation invariance (invarspec): Faster safe execution through program analysis." Proceedings of the Annual International Symposium on Microarchitecture, MICRO, 2020-October.
DOI: 10.1109/MICRO50266.2020.00094
Type: Article (http://purl.org/eprint/type/ConferencePaper)
License: Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/