Abstract
The recently discovered Spectre attack poses a severe challenge to computer security. The attack exploits micro-architectural state changes (for example in the cache) that speculative execution leaves behind and that cannot be rolled back, and combines them with side-channel techniques to leak secret data. This paper first studies the instruction execution flow of a Spectre attack, proposes a stage model for it, and analyzes in depth the race conditions an attacker must satisfy to exploit the vulnerability. It then proposes a defense, exLCL, designed to prevent the attacker from satisfying those race conditions. Simulation experiments based on gem5 demonstrate the effectiveness and feasibility of exLCL; compared with existing defenses, its processing logic is simpler.

The newly discovered Spectre attack poses severe challenges to computer security. The attacker leaks secret data by exploiting the indelible micro-architectural state changes (such as in the cache) left by speculatively executed instructions, combined with cache side channels. This paper first describes the instruction execution process of the Spectre attack, presents a stage model for the attack, and identifies the race conditions under which the vulnerability can be exploited. Then a defense named exLCL (extended L1 cache latency) is presented that prevents an attacker from meeting these race conditions. Simulations based on gem5 show the effectiveness and feasibility of the exLCL defense, which has simpler logic than existing defenses.
Authors
王少清
赵有健
吕志远
WANG Shaoqing, ZHAO Youjian, LÜ Zhiyuan (Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China; Peng Cheng Laboratory, Shenzhen 518000, China)
Source
《清华大学学报(自然科学版)》
EI
CAS
CSCD
Peking University Core Journals (北大核心)
2021, No. 11, pp. 1221-1227 (7 pages)
Journal of Tsinghua University(Science and Technology)