摘要
现代处理器优化机制众多,设计人员在追求性能提升时,往往忽略背后的安全风险。时间侧信道攻击因其影响面广且隐蔽性好已成为最主要的安全威胁之一。随着瞬态执行攻击的出现,时间侧信道攻击的能力被进一步扩展,计算系统的安全基础被动摇。为此,处理器厂商及安全人员提出了大量防御机制。这些机制具有不同的防护能力及性能开销。与此同时,新的瞬态执行漏洞和隐蔽信道也不断被发现,已提出的防御机制被不断突破。围绕处理器时间侧信道攻防技术的博弈日益激烈。本文从基本攻击原理出发,对现有时间侧信道攻击进行了归纳总结,并在此基础上进一步分析了相关防御机制的保护能力和性能瓶颈,从而梳理出时间侧信道攻防技术的发展趋势,为未来软硬件系统开发和安全技术探索提供参考。
The designers of modern processors have proposed a variety of optimizations to pursuit extreme performace,yet they often underestimate the hidden security risk behind them.Timing-based side channel attacks are the most fa-mous type of security threats.With the emergence of transient execution attacks,the capability of timing-based side channel attacks is further extended so that the foundation of many upper defenses is shaken.To defeating these at-tacks,a large number of defenses have been proposed by processor vendors and developers.They have different protection scopes and performance overheads.Meantime,newer transient execution vulnerabilities and covert chan-nels are being discovered continuously to bypass these mechanisms.The war between attacks and defenses of tim-ing-based side channels is ignited.This work will introduce the principles of various attack and defense techniques,and review the protection scopes and performance overheads of the representative defense work.This work aims to provide a comprehensive roadmap for new hardware and software development,and also inspire the following securi-ty technology exploration.
作者
唐博文
武成岗
王喆
TANG Bowen;WU Chenggang;WANG Zhe(State Key Laboratory of Processors,Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190;University of Chinese Academy of Sciences,Beijing 100049)
出处
《高技术通讯》
CAS
北大核心
2024年第5期439-452,共14页
Chinese High Technology Letters
基金
国家自然科学基金青年基金(61902374)
国家自然科学基金联合重点基金(U1736208)资助项目。
关键词
处理器微架构
时间侧信道攻击
隐蔽信道
瞬态执行攻击
投机执行
防御技术
microarchitecutre
timing-based side channel attack
covert channel
transient execution attack
speculative execution
defense mechanism
