Abstract
Out-of-order execution and speculative execution are among the biggest contributors to performance and efficiency of modern processors. However, they are inconsiderate, leaking secret data during the transient execution of instructions. Many solutions and hardware fixes have been proposed for mitigating transient-execution attacks. However, they either do not eliminate the leakage entirely or introduce unacceptable performance penalties.
In this paper, we propose ConTExT, a Considerate Transient Execution Technique. ConTExT is a minimal and fully backward compatible architecture change. The basic idea of ConTExT is that secrets can enter registers but not transiently leave them. ConTExT transforms Spectre from a problem that cannot be solved purely in software, to a problem that is not easy to solve, but solvable in software. For this, ConTExT requires minimal, fully backward-compatible modifications of applications, compilers, operating systems, and the hardware. ConTExT offers full protection for secrets in memory and secrets in registers. With ConTExT-light, we propose a software-only solution of ConTExT for existing commodity CPUs protecting secrets in memory. We evaluate the security and performance of ConTExT. Even when over-approximating with ConTExT-light, we observe no performance overhead for unprotected code and data, and an overhead between 0% and 338% for security-critical applications while protecting against all Spectre variants.
Original language | English |
---|---|
Title | Network and Distributed System Security Symposium 2020 |
Number of pages | 18 |
DOIs | |
Publication status | Published - Feb. 2020 |
Event | Network and Distributed System Security Symposium 2020 - San Diego, USA / United States, Duration: 23 Feb. 2020 → 26 Feb. 2020 |
Conference
Conference | Network and Distributed System Security Symposium 2020 |
---|---|
Short title | NDSS |
Country/Territory | USA / United States |
City | San Diego |
Period | 23/02/20 → 26/02/20 |
ASJC Scopus subject areas
- General Computer Science
Projects
- 3 Finished
- Espresso - Scalable hardware-secured authentication and personalization of intelligent sensor nodes
  1/05/18 → 31/10/20
  Project: Research project
- Dessnet - Reliable, secure and timely sensor networks
  Mangard, S., Glanzer, C., Görtschacher, L. J., Bösch, W., Grosinger, J., Fischbacher, R. B., Deutschmann, B. & Shetty, D.
  1/06/17 → 31/07/21
  Project: Research project
- EU - SOPHIA - Securing Software against Physical Attacks
  1/09/16 → 31/08/21
  Project: Research project
Activities
- 1 Talk at conference or symposium
- ConTExT: A Generic Approach for Mitigating Spectre
  Michael Schwarz (Speaker)
  26 Feb. 2020
  Activity: Talk or presentation › Talk at conference or symposium › Science to science