Ultimate SLH: Taking Speculative Load Hardening to the Next Level

Zhiyuan Zhang; Gilles Barthe; Chitchanok Chuengsatiansup; Peter Schwabe; Yuval Yarom

Paper 2022/715

Ultimate SLH: Taking Speculative Load Hardening to the Next Level

Zhiyuan Zhang, University of Adelaide

Gilles Barthe, Max Planck Institute for Security and Privacy, IMDEA Software

Chitchanok Chuengsatiansup, University of Melbourne

Peter Schwabe, Max Planck Institute for Security and Privacy, Radboud University Nijmegen

Yuval Yarom, University of Adelaide

Abstract

In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures. Specifically, we systematically investigate the performance penalty and security properties of multiple variants of speculative load hardening (SLH). As part of this investigation we implement the “strong SLH” variant by Patrignani and Guarnieri (CCS 2021) as a compiler extension to LLVM. We show that none of the existing variants, including strong SLH, is able to protect against all Spectre v1 attacks in practice. We do this by demonstrating, for the first time, that variable-time arithmetic instructions leak secret information even if they are executed only speculatively. We extend strong SLH to include protections also against this kind of leakage, implement the resulting full protection in LLVM, and use the SPEC2017 benchmarks to compare its performance to the existing variants of SLH and to code that uses fencing instructions to completely prevent speculative execution. We show that our proposed countermeasure offers full protection against Spectre v1 attacks at much better performance than code using fences. In fact, for several benchmarks our approach is more than twice as fast.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. USENIX Security Symposium 2023
Keywords: Spectre v1 Speculative Load Hardening
Contact author(s): zhiyuan zhang @ adelaide edu au
gjbarthe @ gmail com
chitchanok chuengsatiansup @ adelaide edu au
peter @ cryptojedi org
yval @ cs adelaide edu au
History: 2023-04-30: revised; 2022-06-05: received; See all versions
Short URL: https://ia.cr/2022/715
License: CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2022/715,
      author = {Zhiyuan Zhang and Gilles Barthe and Chitchanok Chuengsatiansup and Peter Schwabe and Yuval Yarom},
      title = {Ultimate SLH: Taking Speculative Load Hardening to the Next Level},
      howpublished = {Cryptology ePrint Archive, Paper 2022/715},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/715}},
      url = {https://eprint.iacr.org/2022/715}
}