and effi ficient speculative execution
play

and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, - PowerPoint PPT Presentation

Jul 09, 2023 •247 likes •833 views

ISCA20 Section 5B Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM MORRISON*, CHRISTOPHER W. FLETCHER UNIVERSITY OF ILLINOIS AT

  1. ISCA’20 Section 5B Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Effi ficient Speculative Execution JIYONG YU, NAMRATA MANTRI, JOSEP TORRELLAS, ADAM MORRISON*, CHRISTOPHER W. FLETCHER UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN ∗ TEL AVIV UNIVERSITY 1

  2. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage 2

  3. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage Speculation starts if (addr < N) { // speculation // access instruction secret = load [addr]; // transmit instruction transmit secret; } time 3

  4. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation Speculative secret // access instruction is accessed secret = load [addr]; // transmit instruction transmit secret; } time 4

  5. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation // access instruction secret = load [addr]; Speculative secret is transmitted // transmit instruction via hardware usage transmit secret; } time 5

  6. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation // access instruction secret = load [addr]; Speculative secret is transmitted // transmit instruction via hardware usage transmit secret; } Shared hardware time 6

  7. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation addr < N // access instruction secret = load [addr]; // transmit instruction transmit secret; } Shared hardware time 7

  8. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation addr > N // access instruction secret = load [addr]; // transmit instruction transmit secret; } Shared hardware time 8

  9. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Execution Attacks ▪ Attacker exploits speculative execution to leak data through hardware usage if (addr < N) { // speculation addr > N // access instruction secret = load [addr]; // transmit instruction transmit secret; Attacker infers secret via } hardware state Shared hardware time 9

  10. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations ▪ How to deal with ? transmit secret 10

  11. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations Transmit Hardware ▪ How to deal with ? transmit secret instruction vulnerability ▪ Solution: Delayed Execution load Cache side channel ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], STT [MICRO’19] Floating point Subnormal floating operations point …… …… 11

  12. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations Transmit Hardware ▪ How to deal with ? transmit secret instruction vulnerability ▪ Solution: Delayed Execution load Cache side channel ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], STT [MICRO’19] Floating point Subnormal floating operations point …… …… if (addr < N) { // speculation // access instruction secret = load [addr]; // transmit instruction Delaying execution transmit secret; } 12

  13. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations Transmit Hardware ▪ How to deal with ? transmit secret instruction vulnerability ▪ Solution: Delayed Execution load Cache side channel ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], STT [MICRO’19] Floating point Subnormal floating operations point ▪ Strong security guarantee …… …… ▪ High performance overhead 13

  14. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Existing Mitigations ▪ How to deal with ? transmit secret Register File ▪ Solution: Delayed Execution … ▪ Prior works: SpecShield [PACT’19], NDA [MICRO’19], secret transmit Execute Unit STT [MICRO’19] Improve the performance of Delayed Execution … ▪ Problem: High performance overhead and instruction instruction instruction instruction Maintain its security guarantee 14

  15. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary 15

  16. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret High performance eliminating operand-dependent hardware usage 16

  17. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret by eliminating operand-dependent hardware usage (being data oblivious) High security, low performance High performance eliminating operand-dependent hardware usage 17

  18. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret by eliminating operand-dependent hardware usage (being data oblivious) High security, low performance High performance Idea 2. Predict how the execution should be performed eliminating operand-dependent hardware usage 18

  19. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Speculative Data Oblivious (SDO): Executive Summary Idea 1. Execute transmit secret by eliminating operand-dependent hardware usage (being data oblivious) High security, low performance High performance Idea 2. Predict how the execution should be performed Problem : combining idea 1 & 2 creates security problems Solution : build on top of Speculative Taint Tracking (STT) 19

  20. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Example: Subnormal Floating-point Operation ▪ Double-precision floating point ▪ Normal input: (2.23e−308, 1.79e308), processed by Floating -Point Unit (FPU) ▪ Subnormal input: (4.9e−324, 2.23e−308), requiring microcode assist Latency = X (a is normal) && Fast path (FPU only) (b is normal) a = fpop a, b Latency = Y > X (a is subnormal) || Slow path (with (b is subnormal) microcode assist) 20

  21. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Problem: Leaking Whether Input is Normal/Subnormal Latency = X Fast path (FPU only) // owned by victim a = fpmult a, b Latency = Y > X Slow path (with microcode assist) // owned by attacker c = fpmult c, d 21

  22. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Problem: Leaking Whether Input is Normal/Subnormal Latency = X Fast path (FPU only) // owned by victim a = fpmult a, b Latency = Y > X Slow path (with microcode assist) // owned by attacker c = fpmult c, d a = fpmult a, b c = fpmult c, d Both a and b timeline are normal 0 X Using fast path 22

  23. Introduction Speculative Data-Oblivious SDO Framework SDO for Loads Evaluation Conclusion Problem: Leaking Whether Input is Normal/Subnormal Latency = X Fast path (FPU only) // owned by victim a = fpmult a, b Latency = Y > X Slow path (with microcode assist) // owned by attacker c = fpmult c, d a = fpmult a, b c = fpmult c, d Both a and b timeline are normal 0 X Using fast path c = fpmult c, d a = fpmult a, b a or b is timeline subnormal Using slow path Y 0 23

Recommend

Harmonizing Speculative and Non-Speculative Execution in Architectures for Ordered Parallelism

Harmonizing Speculative and Non-Speculative Execution in Architectures for Ordered Parallelism

Harmonizing Speculative and Non-Speculative Execution in Architectures for Ordered Parallelism MA MARK C. JEFFR FFREY , VICTOR A. YING, SUVINAY SUBRAMANIAN, HYUN RYONG LEE, JOEL EMER, DANIEL SANCHEZ MI MICRO 2018 There is a (false)

1.48k views • 130 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
Speculative Plan Execution for Information Agents Greg Barish University of Southern California

Speculative Plan Execution for Information Agents Greg Barish University of Southern California

Speculative Plan Execution for Information Agents Greg Barish University of Southern California Information Sciences Institute Advisor : Professor Craig A. Knoblock 1 Outline 1. Review and motivating example 2. Speculative plan execution 3.

1.15k views • 69 slides
FRACTAL AN EXECUTION MODEL FOR FINE-GRAIN NESTED SPECULATIVE PARALLELISM SU SUVINAY Y SU

FRACTAL AN EXECUTION MODEL FOR FINE-GRAIN NESTED SPECULATIVE PARALLELISM SU SUVINAY Y SU

FRACTAL AN EXECUTION MODEL FOR FINE-GRAIN NESTED SPECULATIVE PARALLELISM SU SUVINAY Y SU SUBRAMANIAN , MARK C. JEFFREY, MALEEN ABEYDEERA, HYUN RYONG LEE, VICTOR A. YING, JOEL EMER, DANIEL SANCHEZ IS ISCA 2017 Current speculative systems

984 views • 47 slides
Data-Centric Execution of Speculative Parallel Programs MA MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MA MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MA MARK JEFFREY, SUVINAY SUBRAMANIAN, MALEEN ABEYDEERA, JOEL EMER, DANIEL SANCHEZ MI MICRO 2016 Executive summary Many-cores must exploit cache locality to scale Current speculative

635 views • 49 slides
Data-Centric Execution of Speculative Parallel Programs MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MARK JEFFREY, SUVINAY SUBRAMANIAN,

Data-Centric Execution of Speculative Parallel Programs MARK JEFFREY, SUVINAY SUBRAMANIAN, MALEEN ABEYDEERA, JOEL EMER, DANIEL SANCHEZ MICRO 2016 Executive summary Many-cores must exploit cache locality to scale Current speculative systems,

495 views • 27 slides
Speculative Execution Outcome unknown Block 1 Predict future execution path Begin executing

Speculative Execution Outcome unknown Block 1 Predict future execution path Begin executing

Speculative Execution Outcome unknown Block 1 Predict future execution path Begin executing instructions from predicted path ? Speculatively Executed A B Block Also Block 2 Speculatively Executed 1 Speculative Execution Block 1

428 views • 29 slides
Optimizing Distributed Transactions: Speculative Client Execution, Certified Serializability, and

Optimizing Distributed Transactions: Speculative Client Execution, Certified Serializability, and

Optimizing Distributed Transactions: Speculative Client Execution, Certified Serializability, and High Performance Run-Time Thesis DefenseMaster of Science Utkarsh Pandey Advisor: Binoy Ravindran Systems Software Research Group Virginia

504 views • 36 slides
1 The Hardware: Reorder Buffer Branch Prediction vs. Precise Interrupt If inst write results in

1 The Hardware: Reorder Buffer Branch Prediction vs. Precise Interrupt If inst write results in

Control Dependencies Every instruction is control dependent on some set of branches Lecture 7: Speculative Execution and if p1 Recovery S1; if p2 Branch prediction and speculative S2; execution, precise interrupt, reorder S1 is control

251 views • 3 slides
Performance Enhancement with Speculative Execution Based Parallelism for Processing Large-scale

Performance Enhancement with Speculative Execution Based Parallelism for Processing Large-scale

Introduction Parallel XML Conclusions Performance Enhancement with Speculative Execution Based Parallelism for Processing Large-scale XML-based Application Data Michael R. Head and Madhusudhan Govindaraju Grid Computing Research Laboratory

997 views • 47 slides
Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul

Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul

Speculative Execution Vulnerabilities: From a Simple Oversight to a Technological Nightmare Raoul Strackx raoul.strackx@cs.kuleuven.be @raoul_strackx imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium Hardwear.io, June 14 th , 2019

1.05k views • 81 slides
Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of

Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of

Execution-based Prediction Using Speculative Slices Craig Zilles and Guri Sohi University of Wisconsin - Madison International Symposium on Computer Architecture July, 2001 The Problem Two major barriers to achieving high ILP: MISPREDICTED

427 views • 27 slides
InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi,

InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi,

InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher W. Fletcher, and Josep Torrellas University of Illinois at Urbana-Champaign Tel Aviv

559 views • 22 slides
A Reo Semantics for Reasoning about Speculative Execution Hans-Dieter A. Hiep Vrije Universiteit

A Reo Semantics for Reasoning about Speculative Execution Hans-Dieter A. Hiep Vrije Universiteit

A Reo Semantics for Reasoning about Speculative Execution Hans-Dieter A. Hiep Vrije Universiteit Amsterdam Centrum Wiskunde &amp; Informatica November 13th, 2018 Overview 1. Motivation 2. Language 3. Foundation 4. Properties Motivation

911 views • 59 slides
Spectre Attacks: Exploiting Speculative Execution IEEE Security &amp; Privacy (May 20, 2019) Paul

Spectre Attacks: Exploiting Speculative Execution IEEE Security &amp; Privacy (May 20, 2019) Paul

Spectre Attacks: Exploiting Speculative Execution IEEE Security &amp; Privacy (May 20, 2019) Paul Kocher 1 , Jann Horn 2 , Anders Fogh 3 , Daniel Genkin 4 , Daniel Gruss 5 , Werner Haas 6 , Mike Hamburg 7 , Mortiz Lipp 5 , Stefan Mangard 5 ,

410 views • 13 slides
An SSA-based Algorithm for Optimal Speculative Code Motion under an Execution Profile Hucheng

An SSA-based Algorithm for Optimal Speculative Code Motion under an Execution Profile Hucheng

An SSA-based Algorithm for Optimal Speculative Code Motion under an Execution Profile Hucheng Zhou Tsinghua University June 2011 Joint work with: Wenguang Chen (Tsinghua University), Fred Chow (ICube Technology Corp.) Contents Basic Concepts

670 views • 36 slides
Speculative Plan Execution for Information Agents Greg Barish University of Southern California

Speculative Plan Execution for Information Agents Greg Barish University of Southern California

Speculative Plan Execution for Information Agents Greg Barish University of Southern California June 30th, 2003 Thesis Committee Prof. Craig Knoblock (chair) Dr. Steven Minton, Fetch Technologies Prof. Paul Rosenbloom Prof. Cyrus Shahabi

989 views • 51 slides
Speculative execution in a distributed file system E. B. Nightingale, P. M. Chen, J. Flinn

Speculative execution in a distributed file system E. B. Nightingale, P. M. Chen, J. Flinn

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Speculative execution in a distributed file system E. B. Nightingale, P. M. Chen, J. Flinn Dresden, 2010-09-01 Distributed File Systems NFS (v3),

194 views • 15 slides
DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir

DAWG : A Defense Against Cache Timing Attacks in Speculative Execution Processors Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, Joel Emer {vlk, ilebedev, saman, devadas, emer}@csail.mit.edu MICRO'18

949 views • 78 slides
Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project

Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project

Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project Zero) Paul Kocher (independent) Daniel Genkin (University of Pennsylvania and University of Maryland) Yuval Yarom (University of Adelaide and

243 views • 22 slides
Speculative Defragmentation Speculative Defragmentation A Technique to Improve the

Speculative Defragmentation Speculative Defragmentation A Technique to Improve the

Ninth IEEE International Symposium on High Performance Distributed Computing, Pittsburgh, Pennsylvania, August 1-4, 2000 Speculative Defragmentation Speculative Defragmentation A Technique to Improve the Communication A Technique to

237 views • 22 slides
E E Energy Efficiency in Energy Efficiency in Effi i Effi i i i Graphics Rendering

E E Energy Efficiency in Energy Efficiency in Effi i Effi i i i Graphics Rendering

E E Energy Efficiency in Energy Efficiency in Effi i Effi i i i Graphics Rendering Graphics Rendering Graphics Rendering Graphics Rendering Preeti Ranjan Panda Department of Computer Science and Engineering Indian Institute of

536 views • 34 slides
sustainable urban freight Breakout session at the VREF conference 19 October 2016 Introduction

sustainable urban freight Breakout session at the VREF conference 19 October 2016 Introduction

Planning for effi ficient and sustainable urban freight Breakout session at the VREF conference 19 October 2016 Introduction by Jardar Andersen Institute of Transport Economics, Norway 19.10.2016 Breakout session urban freight planning 1

712 views • 47 slides
21264 vs NetBurst Two Different Processors- Both Nonexistent CSE 240C - Rushi Chakrabarti - WI09

21264 vs NetBurst Two Different Processors- Both Nonexistent CSE 240C - Rushi Chakrabarti - WI09

21264 vs NetBurst Two Different Processors- Both Nonexistent CSE 240C - Rushi Chakrabarti - WI09 Common Boasts Out of Order Execution Speculative Execution High Performance Memory System Industry Leading Clock Rates Bit o

812 views • 56 slides

More recommend