Pre-cache: A Microarchitectural Solution to prevent Meltdown and Spectre

TL;DR

This work targets the Meltdown and Spectre class of attacks, which exploit out-of-order and speculative execution to leak data via microarchitectural side channels. It introduces Pre-cache, a general microarchitectural buffer that holds data loaded by transient instructions until commit, thereby preventing leakage through the cache or other memory structures. The design extends to multi-level caches and multi-core systems, including an instruction-cache variant (iPre-cache) to counter iMeltdown and iSpectre, and discusses extensions to other buffers (TLB, prefetchers, RSB, SgxPectre, Foreshadow). Evaluation across SPEC2006, PARSEC, and SPLASH-2 demonstrates correctness, significant security improvements, and modest to substantial IPC benefits (up to 22.7% in some configurations) with low area/power overhead. The results advocate a general hardware-based defense that preserves performance while eliminating the underlying side effects of speculative execution, applicable to current and future variants.

Abstract

Recent work has shown that out-of-order and speculative execution mechanisms used to increase performance in the majority of processors expose the processors to critical attacks. These attacks, called Meltdown and Spectre, exploit the side effects of performance-enhancing features in modern microprocessors to expose secret data through side channels in the microarchitecture. The well known implementations of these attacks exploit cache-based side channels since they are the least noisy channels to exfiltrate data. While some software patches attempted to mitigate these attacks, they are ad-hoc and only try to fix the side effects of the vulnerabilites. They may also impose a performance overhead of up to 30%. In this paper, we present a microarchitecture-based solution for Meltdown and Spectre that addresses the vulnerabilities exploited by the attacks. Our solution prevents flushed instructions from exposing data to the cache. Our approach can also be extended to other memory structures in the microarchitecture thereby preventing variants of the attacks which exploit these memory structures. We further identify two new variant attacks based on exploiting the side effects of speculative and out-of-order execution and show how our solution can be used to prevent these attacks. Evaluation results show that our microarchitectural solution not only restores secure out-of-order and speculative execution, but also has relatively low overhead and does not significantly impact performance for most applications.

Figures (9)

• Figure 1: Abstraction of Meltdown and Spectre attacks: Step 2 and step 3 execute transient instructions allowed by OoOE or speculative execution. Pre-cache prevents side effects in both step 2 and step 3 by containing the data and side effects in an isolated buffer, making step 4 impossible.
• Figure 2: Pre-cache buffers speculatively-loaded data until speculation is resolved. If the loading instruction commits, data is sent to cache; otherwise, discarded.
• Figure 3: In the Pre-cache architecture, data loaded from memory are buffered in the Pre-cache until the instructions that loaded the data are confirmed to be valid. Data from transient instructions is not permitted to enter the cache.
• Figure 4: Pre-cache directories are necessary for inclusive cache. (a) If data in L2 is evicted before STC writes to L1, inclusivity is compromised. (b) The eviction at L2 causes an invalidation in Pre-cache, maintaining inclusivity.
• Figure 5: Coherence state in a Pre-cache design is updated during STC.