path: root/chap/abs.tex
blob: fee088209f86f7a2743e61677b5078cf9e32458c (plain)
% Copyright (c) 2014,2016 Casper Ti. Vector
% Public domain.

\begin{cabstract}
  Performance and power consumption are the primary considerations in
  modern microprocessor design. As hardware and software systems grow
  ever more complex, however, security is becoming increasingly important
  in processor design. The discovery of the Meltdown and Spectre attacks
  showed that optimizations in the processor microarchitecture, while they
  do not affect the correct execution of programs, can introduce security
  problems. Spectre in particular exploits the processor's speculative
  execution: through the execution of transient instructions it constructs
  a covert channel that leaks a program's secrets to the attacker, breaking
  the program's security guarantees and the system's isolation. Since
  speculative execution is an important means of improving performance in
  microprocessor design, defending against Spectre while limiting the
  performance loss caused by the defense is an important problem.

  Based on a simulation platform, this thesis designs and implements a
  defense structure against speculative-execution side-channel attacks.
  The main work is as follows:
  \begin{enumerate}
  \item Survey the Meltdown and Spectre attacks and analyze their
    technical principles.
  \item Survey existing Meltdown and Spectre defenses and analyze their
    design ideas, implementation methods, security and performance
    overhead.
  \item Design a defense structure against Spectre attacks and implement
    it on a simulation platform. The structure dynamically tracks
    information flow, detects dependencies between speculatively executed
    instructions and speculative memory reads, and tags instructions that
    carry a risk of data leakage. Further, for memory-read instructions
    that carry such a risk, a safe data-loading scheme is used so that no
    trace of transient execution is left in the cache state.
  \item Evaluate the defense structure on the simulation platform. Tests
    with constructed attack programs show that the structure defends
    against the attacks tested and meets the security requirement.
    Performance evaluation with SPEC CPU2006 gives an average overhead of
    8.5\%; the number of speculative data reads that must be executed
    safely is significantly reduced, lowering the performance cost of the
    defense.
  \end{enumerate}
\end{cabstract}

\begin{eabstract}
  Performance and power consumption are the main factors in modern
  processor design. As software and hardware systems become more and
  more complex, security is becoming increasingly important in
  microprocessor design. The disclosure of Meltdown and Spectre shows
  that microarchitectural optimizations can introduce security issues
  even though programs still run correctly. Spectre exploits speculative
  execution: it uses transient instructions to construct a covert channel
  that leaks secret information to the attacker, breaking the security
  guarantees of the program and the isolation of the system. Since
  speculative execution is an important means of improving performance in
  microprocessor design, it is important to defend against Spectre while
  minimizing the performance loss of the defense.

  This thesis designs a microarchitecture that defends against
  speculation side channels, based on a simulation platform. The
  contributions of this thesis are as follows:
  \begin{enumerate}
  \item Investigate the Meltdown and Spectre attacks and analyze how
    they work.
  \item Investigate current defenses against Meltdown and Spectre and
    analyze their ideas, implementations, security and performance
    overhead.
  \item Design a microarchitecture that defends against Spectre and
    implement it on a simulation platform. This microarchitecture
    tracks information flow, detecting dependencies between a
    speculatively executed instruction and a speculative load from
    memory, and tags instructions that may leak data. For memory reads
    that are likely unsafe, a safe loading mechanism is used that
    avoids leaving side effects of transient execution in the cache.
  \item Evaluate the microarchitecture on the simulation platform.
    Tested with constructed proof-of-concept code, the design defends
    against the attacks tested and meets the security requirement.
    Evaluated with SPEC CPU2006, it has an average performance overhead
    of 8.5\%, and the number of speculative loads that need to be
    executed safely is significantly decreased, so the performance
    overhead of the defense is lower.
  \end{enumerate}
\end{eabstract}
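The following is an added example, not code from the thesis or its simulator. It models, in a few dozen lines of Python, the two mechanisms the abstract describes: a Spectre v1 gadget that turns an out-of-bounds speculative read into a cache footprint, and a defense that tracks information flow from speculative loads and executes only address-dependent loads through a "safe load" that leaves no cache trace. The toy ISA, the register names, the 64-byte line size, the memory image (a 4-entry public array followed by one secret byte) and the probe-array base address are all assumptions made for illustration.

```python
"""Toy model of a Spectre v1 gadget and of a taint-tracking speculative-load
defense. Added example; not the thesis's simulator. The ISA, memory image,
line size and register names below are assumptions for illustration."""

LINE = 64               # assumed cache-line size in bytes
ARRAY_SIZE = 4          # public array occupies addresses 0..3
SECRET = 0x2A           # constructed secret byte at address 4
PROBE_BASE = 0x10000    # attacker's 256-line probe array (assumed address)

# Constructed memory image; any address not listed reads as zero.
MEM = {i: i for i in range(ARRAY_SIZE)}
MEM[ARRAY_SIZE] = SECRET


def run(program, regs, defense):
    """Execute PROGRAM one instruction at a time.

    Instructions (tuples):
      ("br_ge", src, imm)   predicted not-taken; everything after it is
                            transient until ("resolve",)
      ("load", dst, addr)   dst = MEM[regs[addr]]
      ("shl", dst, src, n)  dst = regs[src] << n
      ("addi", dst, src, n) dst = regs[src] + n
      ("resolve",)          the branch resolves; speculation ends
    Returns (cache_lines, speculative_loads, safe_loads).
    """
    cache = set()        # lines filled during execution: the side channel
    tainted = set()      # registers whose value came from a speculative load
    speculative = False
    spec_loads = safe_loads = 0

    for ins in program:
        op = ins[0]
        if op == "br_ge":
            speculative = True
        elif op == "resolve":
            speculative = False
            tainted.clear()          # data is now architecturally visible
        elif op == "load":
            dst, addr = ins[1], ins[2]
            a = regs[addr]
            regs[dst] = MEM.get(a, 0)
            if speculative:
                spec_loads += 1
            if defense and speculative and addr in tainted:
                # Address derived from speculative data: safe load that
                # returns the value but leaves no trace in the cache.
                safe_loads += 1
            else:
                cache.add(a // LINE)
            # A load issued under speculation produces tainted data.
            if speculative:
                tainted.add(dst)
            else:
                tainted.discard(dst)
        elif op in ("shl", "addi"):
            dst, src, n = ins[1], ins[2], ins[3]
            regs[dst] = regs[src] << n if op == "shl" else regs[src] + n
            # Dynamic information-flow tracking: taint follows the data.
            if src in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)
        else:
            raise ValueError(op)
    return cache, spec_loads, safe_loads


# Spectre v1 gadget: bounds check, out-of-bounds read, cache transmitter.
GADGET = [
    ("br_ge", "idx", ARRAY_SIZE),      # if idx >= size: skip (mispredicted)
    ("load", "r1", "idx"),             # r1 = array[idx], i.e. SECRET
    ("shl", "r2", "r1", 6),            # r2 = r1 * LINE
    ("addi", "r2", "r2", PROBE_BASE),  # r2 = &probe[r1 * LINE]
    ("load", "r3", "r2"),              # transmitter: touch that probe line
    ("resolve",),
]


def probe(cache):
    """Attacker's reload step: which probe line ended up cached?"""
    for v in range(256):
        if (PROBE_BASE + v * LINE) // LINE in cache:
            return v
    return None


def attack(defense):
    """Run the gadget with idx = ARRAY_SIZE and report what leaks."""
    cache, spec_loads, safe_loads = run(GADGET, {"idx": ARRAY_SIZE}, defense)
    return probe(cache), spec_loads, safe_loads


if __name__ == "__main__":
    print("no defense:", attack(False))   # (42, 2, 0): secret recovered
    print("defense:   ", attack(True))    # (None, 2, 1): nothing leaks
```

Two points of the abstract show up in the counters. Only the second load is executed safely: the first speculative load's address comes from the attacker-controlled `idx`, which no speculative load produced, so the defense lets it fill the cache normally, and the total number of loads that need the safe path is lower than under a "delay every speculative load" policy. The secret-dependent transmitter load is the one whose address register carries taint, and with the safe path it leaves no line for the reload probe to find.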

% vim:ts=4:sw=4