Securing Branch Predictors with Two-Level Encryption

Bibliographic details
Published in: ACM transactions on architecture and code optimization 2020-08, Vol.17 (3), p.1-25
Main authors: Lee, Jaekyu, Ishii, Yasuo, Sunwoo, Dam
Format: Article
Language: eng
Online access: Full text
container_end_page 25
container_issue 3
container_start_page 1
container_title ACM transactions on architecture and code optimization
container_volume 17
creator Lee, Jaekyu
Ishii, Yasuo
Sunwoo, Dam
description Modern processors rely on various speculative mechanisms to meet performance demand. Branch predictors are one of the most important micro-architecture components to deliver performance. However, they have been under heavy scrutiny because of recent side-channel attacks. Branch predictors are indexed using the PC and recent branch histories. An adversary can manipulate these parameters to access and control the same branch predictor entry that a victim uses. Recent Spectre attacks exploit this to set up speculative-execution-based security attacks. In this article, we aim to mitigate branch predictor side-channels using two-level encryption. At the first level, we randomize the set-index by encrypting the PC using a per-context secret key. At the second level, we encrypt the data in each branch predictor entry. While periodic key changes make the branch predictor more secure, performance degradation can be significant. To alleviate performance degradation, we propose a practical set update mechanism that also considers parallelism in multi-banked branch predictors. We show that our mechanism exhibits only 1.0% and 0.2% performance degradation while changing keys every 10K and 50K cycles, respectively, which is much lower than other state-of-the-art approaches.
doi_str_mv 10.1145/3404189
format Article
fulltext fulltext
identifier ISSN: 1544-3566
ispartof ACM transactions on architecture and code optimization, 2020-08, Vol.17 (3), p.1-25
issn 1544-3566
1544-3973
language eng
recordid cdi_crossref_primary_10_1145_3404189
source ACM Digital Library Complete; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
title Securing Branch Predictors with Two-Level Encryption
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T05%3A45%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Securing%20Branch%20Predictors%20with%20Two-Level%20Encryption&rft.jtitle=ACM%20transactions%20on%20architecture%20and%20code%20optimization&rft.au=Lee,%20Jaekyu&rft.date=2020-08-01&rft.volume=17&rft.issue=3&rft.spage=1&rft.epage=25&rft.pages=1-25&rft.issn=1544-3566&rft.eissn=1544-3973&rft_id=info:doi/10.1145/3404189&rft_dat=%3Ccrossref%3E10_1145_3404189%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true