ConTExT: A Generic Approach for Mitigating Spectre

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung

Abstract

Out-of-order execution and speculative execution are among the biggest contributors to performance and efficiency of modern processors. However, they are inconsiderate, leaking secret data during the transient execution of instructions. Many solutions and hardware fixes have been proposed for mitigating transient-execution attacks. However, they either do not eliminate the leakage entirely or introduce unacceptable performance penalties.

In this paper, we propose ConTExT, a Considerate Transient Execution Technique. ConTExT is a minimal and fully backward compatible architecture change. The basic idea of ConTExT is that secrets can enter registers but not transiently leave them. ConTExT transforms Spectre from a problem that cannot be solved purely in software, to a problem that is not easy to solve, but solvable in software. For this, ConTExT requires minimal, fully backward-compatible modifications of applications, compilers, operating systems, and the hardware. ConTExT offers full protection for secrets in memory and secrets in registers. With ConTExT-light, we propose a software-only solution of ConTExT for existing commodity CPUs protecting secrets in memory. We evaluate the security and performance of ConTExT. Even when over-approximating with ConTExT-light, we observe no performance overhead for unprotected code and data, and an overhead between 0% and 338% for security-critical applications while protecting against all Spectre variants.
Originalspracheenglisch
TitelNetwork and Distributed System Security Symposium 2020
Seitenumfang18
DOIs
PublikationsstatusVeröffentlicht - Feb 2020
VeranstaltungNetwork and Distributed System Security Symposium 2020 - San Diego, USA / Vereinigte Staaten
Dauer: 23 Feb 202026 Feb 2020

Konferenz

KonferenzNetwork and Distributed System Security Symposium 2020
KurztitelNDSS
LandUSA / Vereinigte Staaten
OrtSan Diego
Zeitraum23/02/2026/02/20

ASJC Scopus subject areas

  • Informatik (insg.)

Fingerprint

Untersuchen Sie die Forschungsthemen von „ConTExT: A Generic Approach for Mitigating Spectre“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren