CIBPU: A Conflict-Invisible Secure Branch Prediction Unit

Zhe Zhou, Fei Tong, Hongyu Wang, Xiaoyu Cheng, Fang Jiang, Zhikun Zhang, Yuxing Mao

TL;DR

CIBPU tackles conflict-based leakage in branch prediction units by concealing branch conflicts through a three-part design: two-level encryption, CIPHT for a replicated PHT, and CIBTB for a decoupled BTB with load-balanced indexing and replacement. The scheme achieves strong lifecycle security without periodic key re-randomization, supported by analytical security proofs and probabilistic models, and demonstrates minimal performance overhead in both single-threaded and SMT scenarios. Empirical validation via gem5 simulations and FPGA-based SonicBOOM experiments confirms competitive IPC impact (around 1–2%) and modest hardware overhead, outperforming prior SBPU approaches. The work provides a practical, scalable path to secure BPU deployment with real-world applicability to modern RISC-V cores and FPGA prototypes.

Abstract

Previous schemes for designing a secure branch prediction unit (SBPU) based on physical isolation offer only limited security and significantly impair the BPU's prediction capability, leading to prominent performance degradation. Moreover, encryption-based SBPU schemes that rely on periodic key re-randomization risk being compromised by advanced attack algorithms, and their performance overhead is also considerable. To this end, this paper proposes a conflict-invisible SBPU (CIBPU). CIBPU employs a redundant storage design, load-aware indexing and replacement design, and an encryption mechanism that does not require periodic key updates, to prevent attackers from perceiving branch conflicts. We provide a thorough security analysis, which shows that CIBPU achieves strong security throughout the BPU's lifecycle. We implement CIBPU in a RISC-V core model in gem5. The experimental results show that CIBPU causes an average performance overhead of only 1.12%-2.20% with acceptable hardware storage overhead, which is the lowest among the state-of-the-art SBPU schemes. CIBPU has also been implemented in the open-source RISC-V core, SonicBOOM, which is then burned onto an FPGA board. The evaluation based on the board shows an average performance degradation of 2.01%, which is approximately consistent with the result obtained in gem5.

Paper Structure

This paper contains 25 sections, 12 equations, 10 figures, 6 tables, 2 algorithms.

Figures (10)

  • Figure 1: The internal structure of the conventional PHT and BTB.
  • Figure 2: Overview of index encryption and content encryption mechanisms.
  • Figure 3: Overview of design of CIPHT.
  • Figure 4: Overview of design of CIBTB.
  • Figure 5: Probability of a set having $N$ valid tags - Estimated analytically ($P_{\text{est}}$) and Observed ($P_{\text{obs}}$).
  • ...and 5 more figures