Since the discovery of speculative execution attacks based on side channels, there has been a long history of research on their attack mechanisms and defense principles. To explore TLB side channels, we constructed a System-on-Chip (SoC) centered around the XuanTie C910 processor on a Virtex UltraScale+ HBM VCU128 FPGA and ran the Linux operating system on this platform. We successfully implemented the Spectre-v1 attack targeting the multi-level TLB structure of the XuanTie C910 processor, identifying the second-level TLB as the primary target of the attack. In addition, we proposed a defense mechanism called TLBshield-v1, which employs a 50-percent block rate policy on the write-back channel from the Page Table Walker to the second-level TLB, thereby mitigating all attacks based on the second-level TLB. We tested a 50-percent block rate policy, which reduced the success rate of the Spectre-v1 attack from 100 percent to 55.7 percent, with a performance overhead of only 1.77 percent. Furthermore, we designed TLBshield-v2 with different block rates for the second-level TLB, tested their corresponding performance overheads and security implications, and introduced a normalized evaluation metric, Security-Versus-Performance, to determine the optimal design strategy that balances performance overhead and security under varying security requirements.