and effi ficient speculative execution
play

and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, - PowerPoint PPT Presentation

Jul 09, 2023 •247 likes •833 views

ISCA20 Section 5B Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM MORRISON*, CHRISTOPHER W. FLETCHER UNIVERSITY OF ILLINOIS AT

  1. ISCA’20 Section 5B Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM MORRISON*, CHRISTOPHER W. FLETCHER UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN ∗ TEL AVIV UNIVERSITY 1

  2. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage 2

  3. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage Speculation starts if (addr < N) { // speculation // access instruction secret = load [addr]; // transmit instruction transmit secret; } time 3

  4. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation Speculative secret // access instruction is accessed secret = load [addr]; // transmit instruction transmit secret; } time 4

  5. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation // access instruction secret = load [addr]; Speculative secret is transmitted // transmit instruction via hardware usage transmit secret; } time 5

  6. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation // access instruction secret = load [addr]; Speculative secret is transmitted // transmit instruction via hardware usage transmit secret; } Shared hardware time 6

  7. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation addr < N // access instruction secret = load [addr]; // transmit instruction transmit secret; } Shared hardware time 7

  8. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation addr > N // access instruction secret = load [addr]; // transmit instruction transmit secret; } Shared hardware time 8

  9. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation addr > N // access instruction secret = load [addr]; // transmit instruction transmit secret; Attacker infers secret via } hardware state Shared hardware time 9

  10. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations ▪ How to deal with ? transmit secret 10

  11. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations Transmit Hardware ▪ How to deal with ? transmit secret instruction vulnerability ▪ Solution: Delayed Execution load Cache side channel ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], STT [MICRO’19] Floating point Subnormal floating operations point …… …… 11

  12. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations Transmit Hardware ▪ How to deal with ? transmit secret instruction vulnerability ▪ Solution: Delayed Execution load Cache side channel ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], STT [MICRO’19] Floating point Subnormal floating operations point …… …… if (addr < N) { // speculation // access instruction secret = load [addr]; // transmit instruction Delaying execution transmit secret; } 12

  13. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations Transmit Hardware ▪ How to deal with ? transmit secret instruction vulnerability ▪ Solution: Delayed Execution load Cache side channel ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], STT [MICRO’19] Floating point Subnormal floating operations point ▪ Strong security guarantee …… …… ▪ High performance overhead 13

  14. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations ▪ How to deal with ? transmit secret Register File ▪ Solution: Delayed Execution … ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], secret transmit Execute Unit STT [MICRO’19] Improve the performance of Delayed Execution … ▪ Problem: High performance overhead and instruction instruction instruction instruction Maintain its security guarantee 14

  15. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary 15

  16. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret High performance eliminating operand-dependent hardware usage 16

  17. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret by eliminating operand-dependent hardware usage (being data oblivious) High security, low performance High performance eliminating operand-dependent hardware usage 17

  18. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret by eliminating operand-dependent hardware usage (being data oblivious) High security, low performance High performance Idea 2. Predict how the execution should be performed eliminating operand-dependent hardware usage 18

  19. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret by eliminating operand-dependent hardware usage (being data oblivious) High security, low performance High performance Idea 2. Predict how the execution should be performed Problem : combining idea 1 & 2 creates security problems Solution : build on top of Speculative Taint Tracking (STT) 19

  20. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Example: Subnormal Floating-point Operation ▪ Double-precision floating point ▪ Normal input: (2.23e−308, 1.79e308), processed by Floating -Point Unit (FPU) ▪ Subnormal input: (4.9e−324, 2.23e−308), requiring microcode assist Latency = X (a is normal) && Fast path (FPU only) (b is normal) a = fpop a, b Latency = Y > X (a is subnormal) || Slow path (with (b is subnormal) microcode assist) 20

  21. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Problem: Leaking Whether Input is Normal/Subnormal Latency = X Fast path (FPU only) // owned by victim a = fpmult a, b Latency = Y > X Slow path (with microcode assist) // owned by attacker c = fpmult c, d 21

  22. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Problem: Leaking Whether Input is Normal/Subnormal Latency = X Fast path (FPU only) // owned by victim a = fpmult a, b Latency = Y > X Slow path (with microcode assist) // owned by attacker c = fpmult c, d a = fpmult a, b c = fpmult c, d Both a and b timeline are normal 0 X Using fast path 22

  23. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Problem: Leaking Whether Input is Normal/Subnormal Latency = X Fast path (FPU only) // owned by victim a = fpmult a, b Latency = Y > X Slow path (with microcode assist) // owned by attacker c = fpmult c, d a = fpmult a, b c = fpmult c, d Both a and b timeline are normal 0 X Using fast path c = fpmult c, d a = fpmult a, b a or b is timeline subnormal Using slow path Y 0 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Harmonizing Speculative and Non-Speculative Execution in Architectures for Ordered Parallelism

Harmonizing Speculative and Non-Speculative Execution in Architectures for Ordered Parallelism

Harmonizing Speculative and Non-Speculative Execution in Architectures for Ordered Parallelism MA MARK C. JEFFR FFREY , VICTOR A. YING, SUVINAY SUBRAMANIAN, HYUN RYONG LEE, JOEL EMER, DANIEL SANCHEZ MI MICRO 2018 There is a (false)

1.48k views • 130 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
Speculative Plan Execution for Information Agents Greg Barish University of Southern California

Speculative Plan Execution for Information Agents Greg Barish University of Southern California

Speculative Plan Execution for Information Agents Greg Barish University of Southern California Information Sciences Institute Advisor : Professor Craig A. Knoblock 1 Outline 1. Review and motivating example 2. Speculative plan execution 3.

1.15k views • 69 slides
FRACTAL AN EXECUTION MODEL FOR FINE-GRAIN NESTED SPECULATIVE PARALLELISM SU SUVINAY Y SU

FRACTAL AN EXECUTION MODEL FOR FINE-GRAIN NESTED SPECULATIVE PARALLELISM SU SUVINAY Y SU

FRACTAL AN EXECUTION MODEL FOR FINE-GRAIN NESTED SPECULATIVE PARALLELISM SU SUVINAY Y SU SUBRAMANIAN , MARK C. JEFFREY, MALEEN ABEYDEERA, HYUN RYONG LEE, VICTOR A. YING, JOEL EMER, DANIEL SANCHEZ IS ISCA 2017 Current speculative systems

984 views • 47 slides
Data-Centric Execution of Speculative Parallel Programs MA MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MA MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MA MARK JEFFREY, SUVINAY SUBRAMANIAN, MALEEN ABEYDEERA, JOEL EMER, DANIEL SANCHEZ MI MICRO 2016 Executive summary Many-cores must exploit cache locality to scale Current speculative

635 views • 49 slides
Data-Centric Execution of Speculative Parallel Programs MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MARK JEFFREY, SUVINAY SUBRAMANIAN, MALEEN ABEYDEERA, JOEL EMER, DANIEL SANCHEZ MICRO 2016 Executive summary Many-cores must exploit cache locality to scale Current speculative systems,

495 views • 27 slides
Speculative Execution Outcome unknown Block 1 Predict future execution path Begin executing

Speculative Execution Outcome unknown Block 1 Predict future execution path Begin executing

Speculative Execution Outcome unknown Block 1 Predict future execution path Begin executing instructions from predicted path ? Speculatively Executed A B Block Also Block 2 Speculatively Executed 1 Speculative Execution Block 1

428 views • 29 slides
Optimizing Distributed Transactions: Speculative Client Execution, Certified Serializability, and

Optimizing Distributed Transactions: Speculative Client Execution, Certified Serializability, and

Optimizing Distributed Transactions: Speculative Client Execution, Certified Serializability, and High Performance Run-Time Thesis DefenseMaster of Science Utkarsh Pandey Advisor: Binoy Ravindran Systems Software Research Group Virginia

504 views • 36 slides
1 The Hardware: Reorder Buffer Branch Prediction vs. Precise Interrupt If inst write results in

1 The Hardware: Reorder Buffer Branch Prediction vs. Precise Interrupt If inst write results in

Control Dependencies Every instruction is control dependent on some set of branches Lecture 7: Speculative Execution and if p1 Recovery S1; if p2 Branch prediction and speculative S2; execution, precise interrupt, reorder S1 is control

251 views • 3 slides
Performance Enhancement with Speculative Execution Based Parallelism for Processing Large-scale

Performance Enhancement with Speculative Execution Based Parallelism for Processing Large-scale

Introduction Parallel XML Conclusions Performance Enhancement with Speculative Execution Based Parallelism for Processing Large-scale XML-based Application Data Michael R. Head and Madhusudhan Govindaraju Grid Computing Research Laboratory

997 views • 47 slides
Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul

Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul

Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul Strackx raoul.strackx@cs.kuleuven.be @raoul_strackx imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium Hardwear.io, June 14 th , 2019

1.05k views • 81 slides
Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of

Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of

Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of Wisconsin - Madison International Symposium on Computer Architecture July, 2001 The Problem Two major barriers to achieving high ILP: MISPREDICTED

427 views • 27 slides
InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi,

InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi,

InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher W. Fletcher, and Josep Torrellas University of Illinois at Urbana-Champaign Tel Aviv

559 views • 22 slides
A Reo Semantics for Reasoning about Speculative Execution Hans-Dieter A. Hiep Vrije Universiteit

A Reo Semantics for Reasoning about Speculative Execution Hans-Dieter A. Hiep Vrije Universiteit

A Reo Semantics for Reasoning about Speculative Execution Hans-Dieter A. Hiep Vrije Universiteit Amsterdam Centrum Wiskunde &amp; Informatica November 13th, 2018 Overview 1. Motivation 2. Language 3. Foundation 4. Properties Motivation

911 views • 59 slides
Spectre Attacks: Exploiting Speculative Execution IEEE Security &amp; Privacy (May 20, 2019) Paul

Spectre Attacks: Exploiting Speculative Execution IEEE Security &amp; Privacy (May 20, 2019) Paul

Spectre Attacks: Exploiting Speculative Execution IEEE Security &amp; Privacy (May 20, 2019) Paul Kocher 1 , Jann Horn 2 , Anders Fogh 3 , Daniel Genkin 4 , Daniel Gruss 5 , Werner Haas 6 , Mike Hamburg 7 , Mortiz Lipp 5 , Stefan Mangard 5 ,

410 views • 13 slides
An SSA-based Algorithm for Optimal Speculative Code Motion under an Execution Profile Hucheng

An SSA-based Algorithm for Optimal Speculative Code Motion under an Execution Profile Hucheng

An SSA-based Algorithm for Optimal Speculative Code Motion under an Execution Profile Hucheng Zhou Tsinghua University June 2011 Joint work with: Wenguang Chen (Tsinghua University), Fred Chow (ICube Technology Corp.) Contents Basic Concepts

670 views • 36 slides
Company introduction Soyter Components Our company Soyter Components located in Klaudyn near

Company introduction Soyter Components Our company Soyter Components located in Klaudyn near

Soyter Components Company introduction Soyter Components Our company Soyter Components located in Klaudyn near Warsaw is one of the leading distributors of electronic components and electromechanical parts in Poland. Since the beginning of

439 views • 14 slides
Patterning Nanostructures for Nanodevice and Biosensor Applications Hadi M. Zareie , Michael J.

Patterning Nanostructures for Nanodevice and Biosensor Applications Hadi M. Zareie , Michael J.

Oral Presentation, Theme H : Nano-Fabrication, Nano-Lithography, Nano-Manipulation Patterning Nanostructures for Nanodevice and Biosensor Applications Hadi M. Zareie , Michael J. Coutts, Michael B. Cortie, Andrew M. McDonagh

216 views • 6 slides
repeated. P a g e | 2 Now, we dont

repeated. P a g e | 2 Now, we dont

CEO Dr. Robert Pakters address to the Burrill Digital Health Meeting 2012 Ladies and Gentlemen, we have a problem-a problem taking our

496 views • 3 slides
TT Electronics plc 2017 Interim Results August 2017 H1 2017 Overview Proposed sale of

TT Electronics plc 2017 Interim Results August 2017 H1 2017 Overview Proposed sale of

TT Electronics plc 2017 Interim Results August 2017 H1 2017 Overview Proposed sale of TS&amp;C division for 118.8m, making TT a higher margin, higher quality business Increased financial capacity to accelerate growth through capital

589 views • 31 slides
&quot;An Agile Throwdown: Munich Takes On the Columbus Agile Benchmark Study&quot; ! ! !

&quot;An Agile Throwdown: Munich Takes On the Columbus Agile Benchmark Study&quot; ! ! !

! K3 K3 Keynote! 6/5/2014!8:45:00!AM ! ! ! ! &quot;An Agile Throwdown: Munich Takes On the Columbus Agile Benchmark Study&quot; ! ! ! Presented by: Michael Mah QSM Associates, Inc. ! ! ! ! Brought(to(you(by:( ! ! !

553 views • 37 slides
Designing a Microcontroller Integrated with WiFi and a Mobile Application for a Pellet Smoker

Designing a Microcontroller Integrated with WiFi and a Mobile Application for a Pellet Smoker

Designing a Microcontroller Integrated with WiFi and a Mobile Application for a Pellet Smoker Course: ECE 4901, 2017-2018 Members: Adam Burns - EE Jason DeJesus - EE/CompE Trevor Svec - CompE Sponsoring Company: Seconn Fabrication,

444 views • 19 slides
ARM Microcontroller Course May 27, 2015 ARM Microcontroller Course Serial Peripheral Interface

ARM Microcontroller Course May 27, 2015 ARM Microcontroller Course Serial Peripheral Interface

Serial Peripheral Interface Direct Digital Synthesis Exercises ARM Microcontroller Course May 27, 2015 ARM Microcontroller Course Serial Peripheral Interface Direct Digital Synthesis Exercises Table of Contents 1 Serial Peripheral Interface

329 views • 16 slides
Paper ID # NC01 Design and Development of a Microcontroller Based Automatic Blood Flow Monitoring

Paper ID # NC01 Design and Development of a Microcontroller Based Automatic Blood Flow Monitoring

Paper ID # NC01 Design and Development of a Microcontroller Based Automatic Blood Flow Monitoring and Controlling System Authored by Md. Sumon Ali and Muhibul Haque Bhuyan Department of EEE, Southeast University Presented By Md. Suman Ali

615 views • 15 slides

More recommend