% Copyright (c) 2014,2016 Casper Ti. Vector
% Public domain.

\begin{cabstract}
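  Modern microprocessor design is driven mainly by performance and power
  consumption. As software and hardware grow more complex, security is
  receiving increasing attention in computer system design. The discovery
  of the Meltdown and Spectre attacks shows that microarchitectural
  optimizations in processors, although they do not affect the correct
  execution of programs, may break the security of the system. Spectre
  attacks exploit the processor's speculative execution: they construct a
  covert channel through the execution of transient instructions and leak
  secret information in the program to the attacker, breaking the
  program's security guarantees and the system's isolation. Because
  speculative execution is an important means by which processors
  optimize execution performance, defending against Spectre attacks while
  reducing the performance degradation caused by the defense is a complex
  problem.

  Based on the gem5 simulation platform, this thesis designs a
  microarchitecture for defending against Spectre attacks and evaluates
  it. The main work is as follows: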
  \begin{enumerate}
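  \item Survey existing side-channel, Meltdown and Spectre attack
    techniques and analyze in depth the principles behind them.
  \item Survey existing Meltdown and Spectre defenses and analyze their
    design ideas, implementation methods, security and overhead.
  \item Design a microarchitecture for defending against Spectre attacks
    and simulate it in gem5. The microarchitecture is based on dynamic
    information flow tracking, which is used to detect whether an
    instruction under speculative execution depends, directly or
    indirectly, on a value loaded from memory during speculative
    execution and may therefore leak data. This thesis combines this
    technique with InvisiSpec, an existing scheme for loading data
    safely, and implements these models in gem5.
  \item Evaluate the security and performance of this microarchitecture.
    The microarchitecture is simulated in gem5 and tested with a
    constructed verification program, showing that the designed
    microarchitecture satisfies the security properties of this thesis.
    Performance is evaluated with SPEC CPU2006: the average performance
    overhead is 8.5\%, better than the performance of models that use
    only the dynamic information flow tracking detection technique or
    only InvisiSpec.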
  \end{enumerate}
\end{cabstract}

\begin{eabstract}
  Performance and power consumption are the main factors in modern
  processor design. As software and hardware become more and more
  complex, security is becoming important in computer system
  design. The disclosure of Meltdown and Spectre shows that
  microarchitectural optimizations can break the security of the
  system, even though programs still run correctly. Spectre exploits
  speculative execution: it constructs a covert channel with transient
  instructions and leaks secret information to the attacker, breaking
  the security guarantees of the program and the isolation of the
  system. Since speculative execution is an important method of
  optimizing execution performance, defending against Spectre attacks
  while minimizing the performance loss of the defense is a complex
  problem.

  This thesis designs a microarchitecture to defend against Spectre
  attacks, based on the gem5 simulation platform, and evaluates the
  design. The contributions of this thesis are as follows:
  \begin{enumerate}
  \item Investigate current side-channel, Meltdown and Spectre
    attacks, and analyze how these attacks work.
  \item Investigate current defenses against Meltdown and Spectre
    attacks, and analyze their ideas, implementation, security and
    overhead.
  \item Design a microarchitecture to defend against Spectre attacks
    and simulate it on gem5. This microarchitecture is based on
    dynamic information flow tracking (DIFT), which detects whether a
    speculative instruction depends, directly or indirectly, on a
    value loaded from memory and may therefore leak data. This thesis
    combines this method with InvisiSpec, a scheme for executing
    speculative loads safely, and implements these models on gem5.
  \item Evaluate the security and performance of this
    microarchitecture. Tested with constructed proof-of-concept code
    on gem5, this microarchitecture design has the expected security
    properties. Evaluated with SPEC CPU2006, this microarchitecture has
    an average performance overhead of 8.5\%, better than using DIFT
    or InvisiSpec only.
  \end{enumerate}
\end{eabstract}

% vim:ts=4:sw=4