摘要
介绍了瞬态执行漏洞的攻击及防御的研究现状,概述了利用现代处理器中由乱序执行和推测执行机制引起的超前执行窗口的熔断类漏洞和幽灵类漏洞,对观测微体系结构状态变化并窃取敏感信息的16个变种漏洞进行了分类,包括提前执行例外或中断后的指令漏洞和错误执行分支预测或访存消歧后的指令漏洞。讨论了缓存瞬态执行漏洞攻击的3个步骤、可恶意训练的微体系结构硬件和对应3个攻击步骤的防御方法。展望了处理器体系结构的发展方向,在设计处理器的伊始,将性能优化机制进行周密的安全性分析,兼顾性能和安全的架构是未来处理器微体系结构设计的重要趋势之一。
The current research status of attacks and defenses of transient execution vulnerabilities are introduced.The meltdown-type and spectre-type attacks which exploit the execution window caused by branch speculation and out-of-order execution in modern processors are expounded.Specific vulnerabilities which observe the micro-architectural changes to steal sensitive information are summarized,including sixteen variants exploiting the transient execution after exception or interrupted instruction,mis-predicted branch,and memory disambiguation.Three steps to construct transient execution attacks,vulnerable micro-architecture components and corresponding defense steps are discussed.The research direction of processor architecture is predicted.The methodology of introducing security analysis for performance optimization and balancing performance and security at the beginning of CPU design will be one of the important trends of computer micro-architecture design in the future.
作者
李晔
李沛南
赵路坦
侯锐
张立新
孟丹
Li Ye;Li Peinan;Zhao Lutan;Hou Rui;Zhang Lixin;Meng Dan(Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093;University of Chinese Academy of Sciences, Beijing 100049)
出处
《高技术通讯》
EI
CAS
北大核心
2020年第8期774-782,共9页
Chinese High Technology Letters
基金
中国科学院前沿科学重点研究(QYZDB-SSW-JSC010)
国家自然科学基金优秀青年科学基金(61522212)资助项目。
关键词
瞬态执行
侧信道攻击
分支预测
乱序执行
内存消岐
恶意训练分支预测器
transient execution
side-channel attacks
branch speculation
out-of-order execution
memory disambiguation
mis-trained branch prediction mechanism
