Paper 2022/715

Breaking and Fixing Speculative Load Hardening

Zhiyuan Zhang, University of Adelaide
Gilles Barthe, Max Planck Institute for Security and Privacy, IMDEA Software
Chitchanok Chuengsatiansup, University of Adelaide
Peter Schwabe, Max Planck Institute for Security and Privacy, Radboud University Nijmegen
Yuval Yarom, University of Adelaide
Abstract

In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures. Specifically, we systematically investigate the performance penalty and security properties of multiple variants of speculative load hardening (SLH). As part of this investigation we implement the “strong SLH” variant by Patrignani and Guarnieri (CCS 2021) as a compiler extension to LLVM. We show that none of the existing variants, including strong SLH, is able to protect against all Spectre v1 attacks in practice. We do this by demonstrating, for the first time, that variable-time arithmetic instructions leak secret information even if they are executed only speculatively. We extend strong SLH to include protections also against this kind of leakage, implement the resulting full protection in LLVM, and use the SPEC2017 benchmarks to compare its performance to the existing variants of SLH and to code that uses fencing instructions to completely prevent speculative execution. We show that our proposed countermeasure is able to offer full protection against Spectre v1 attacks at much better performance than code using fences. In fact, for several benchmarks our approach is more than twice as fast.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Spectre v1 Speculative Load Hardening
Contact author(s)
zhiyuan zhang @ adelaide edu au
gjbarthe @ gmail com
chitchanok chuengsatiansup @ adelaide edu au
peter @ cryptojedi org
yval @ cs adelaide edu au
History
2022-06-06: approved
2022-06-05: received
See all versions
Short URL
https://ia.cr/2022/715
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2022/715,
      author = {Zhiyuan Zhang and Gilles Barthe and Chitchanok Chuengsatiansup and Peter Schwabe and Yuval Yarom},
      title = {Breaking and Fixing Speculative Load Hardening},
      howpublished = {Cryptology ePrint Archive, Paper 2022/715},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/715}},
      url = {https://eprint.iacr.org/2022/715}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.