diff options
author | Iru Cai <mytbk920423@gmail.com> | 2019-05-10 00:24:35 +0800 |
---|---|---|
committer | Iru Cai <mytbk920423@gmail.com> | 2019-05-10 00:24:35 +0800 |
commit | b445a8d66a0bd5cd31f3d2f80a23065ed7bea6aa (patch) | |
tree | 6a283c2f1c2f5ce5ceba7f9138fcb11aaf721a6e | |
parent | c0f7e397417d556803e7064a5fe1808ac821a10b (diff) | |
download | dissertation-b445a8d66a0bd5cd31f3d2f80a23065ed7bea6aa.tar.xz |
upd
-rw-r--r-- | chap/chap3.tex | 12 | ||||
-rw-r--r-- | thesis.bib | 17 |
2 files changed, 25 insertions, 4 deletions
diff --git a/chap/chap3.tex b/chap/chap3.tex index 8fe2c08..c9297e2 100644 --- a/chap/chap3.tex +++ b/chap/chap3.tex @@ -28,10 +28,14 @@ Spectre 型攻击的防御方案可以分为三类:阻止推测式执行、防 \subsection{软件防御方案} -为了防御Spectre v1,Intel和AMD建议在分支指令后插入lfence指令阻止推测式 -执行。由于lfence性能开销大,LLVM提出推测式装载指令加固(Speculative - Load Hardening)\supercite{spec-load-hardening} 技术,它的作用是在指 -令流中添加数据相关,使得装载指令使用的地址依赖于分支结果。 +Intel 和 AMD 都提出了在分支指令后插入 lfence 指令阻止推测式执行的方 +法。\supercite{intel-spectre}\supercite{amd-spectre}lfence 指令在此作 +为一条串行化指令使用,可以在 lfence 指令提交前阻止新的指令执行,从而阻 +止了程序在推测式执行中对秘密数据进行操作。 + +由于 lfence 性能开销大,LLVM提出推测式装载指令加固(Speculative +Load Hardening)\supercite{spec-load-hardening} 技术,它的作用是在指令 +流中添加数据相关,使得装载指令使用的地址依赖于分支结果。 retpoline\supercite{retpoline} 是 Google 提出的防御 Spectre-BTB 的方法。 它的作用是把程序中的间接转移指令修改为一个指令序列,最终使用 ret 指令 @@ -141,6 +141,23 @@ year={2018}, } +@online{intel-spectre, + title = {Intel Analysis of Speculative Execution Side Channels}, + url = {https://software.intel.com/security-software-guidance/api-app/sites/default/files/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf}, + author = {Intel}, + year = {2018}, + month = 7, + version = {Revision 4.0}, +} + +@online{amd-spectre, + title = {SOFTWARE TECHNIQUES FOR MANAGING SPECULATION ON AMD PROCESSORS}, + url = {https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf}, + author = {AMD}, + year = {2018}, + version = {Revision 7.10.18}, +} + @inproceedings{branchscope, author = {Evtyushkin, Dmitry and Riley, Ryan and Abu-Ghazaleh, Nael CSE and ECE and Ponomarev, Dmitry}, title = {BranchScope: A New Side-Channel Attack on Directional Branch Predictor}, |