1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
% Copyright (c) 2014,2016 Casper Ti. Vector
% Public domain.
\begin{cabstract}
现代微处理器设计主要需要考虑性能和功耗。但随着软硬件系统越来越复杂,
安全性在处理器设计中越来越重要。熔断(Meltdown)和幽灵(Spectre)攻
击的发现,表明处理器微体系结构的优化,虽然不影响程序的正确运行,但是
可能带来安全性的问题。其中 Spectre 攻击利用处理器的推测式执行,通过
暂态指令的执行构造隐蔽信道,将程序中的秘密信息泄露给攻击者,破坏了程
序的安全保证和系统的隔离性。由于推测式执行是微处理器设计中提升性能的
重要手段,在防御 Spectre攻击的同时,减少防御手段带来的性能下降,是一
个重要的问题。
本文基于模拟平台,针对推测式执行侧信道攻击设计实现了一种防御结构。主
要工作内容如下:
\begin{enumerate}
\item 调研 Meltdown 和 Spectre 攻击技术,分析其技术原理。
\item 调研现有的 Meltdown 和 Spectre 防御方案,分析这些方案的设计思
想、实现方法、安全性和性能开销。
\item 设计一种针对 Spectre 攻击的防御结构,并在模拟平台中实现。该结
构动态追踪信息流,检测推测式执行的指令与推测的内存读取之间的依赖关
系,标记存在数据泄露风险的指令。进一步地,针对有风险的内存读取指令,
采用安全的数据装载方案,避免在高速缓存状态中留下暂态执行的痕迹。
\item 基于模拟平台对该防御结构进行评估。利用构造的攻击程序进行测试,
表明该防御结构可以防御测试中的攻击,满足安全性要求。利用 SPEC
CPU2006 进行性能评测,平均性能开销为 8.5\%,需要安全执行的推测式数
据读取显著减少,降低了防御的性能开销。
\end{enumerate}
\end{cabstract}
\begin{eabstract}
Performance and power consumption are the main factors of modern
processor design. As software and hardware become more and more
complex, security is becoming important in computer system
design. The disclosure of Meltdown and Spectre shows that
microarchitecture optimizations can break the security of the
system, although the programs still run correctly. Spectre exploits
speculative execution, constructing covert channel with transient
instructions, and leak secret information to the attacker, breaking
the security guarentee of the program and system isolation. Since
speculative execution is an important method to optimize the
execution, it's complex to defend against Spectre attack, while
minimize the performance loss of the defense.
This thesis designs a microarchitecture to defend against Spectre
attack, based on the gem5 simulation platform, and evaluates the
design. The contribution of this thesis is as follows:
\begin{itemize}
\item Investigate on current side-channel attack, Meltdown and
Spectre attack, and analyze how these attacks work
\item Investigate on current defenses of Meltdown and Spectre
attack, analyze their idea, implementation, security and overhead
\item Design a microarchitecture to defend against spectre attack
and simulate it on gem5. This microarchitecture is based on
dynamic information flow tracking, which detects whether a
speculating instruction directly or indirectly depends on a value
loaded from memory, which may result in a leakage. This thesis
combines this method with InvisiSpec, a scheme to execute
speculating load safely, and implement these models on gem5.
\item Evaluate the security and performance of this
microarchitecture. Tested with a constructed proof of concept code
on gem5, this microarchitecture design has the expected security
feature. Evaluated with SPEC CPU2006, this microarchitecture has
an average performance overhead of 8.5\%, better than using DIFT
or InvisiSpec only.
\end{itemize}
\end{eabstract}
% vim:ts=4:sw=4
|