基于动态分支过滤的SMT执行端口侧信道安全防护

doi:10.12263/DZXB.20210210

电子学报 ›› 2022, Vol. 50 ›› Issue (7): 1594-1599.DOI: 10.12263/DZXB.20210210

基于动态分支过滤的SMT执行端口侧信道安全防护

岳晓萌¹^,², 杨秋松¹, 李明树¹

^1.中国科学院软件研究所基础软件国家工程研究中心，北京 100190
^2.中国科学院大学，北京 100049

收稿日期:2021-02-03 修回日期:2021-12-22 出版日期:2022-07-25
- 作者简介:
- 岳晓萌男，1989年12月生，山东青州人.2021年毕业于中国科学院大学，计算机软件与理论博士，主要研究方向为操作系统、计算机架构和系统安全.E-mail: xiaomeng@iscas.ac.cn
  杨秋松男，1977年生，博士，教授、博士生导师. 主要研究方向为操作系统、软件工程和系统安全.E-mail: qiusong@iscas.ac.cn
  李明树男，1966年生，博士，教授、博士生导师. 主要研究方向为操作系统、软件工程和分布式系统.E-mail: mingshu@iscas.ac.cn
- 基金资助:
- “核高基”国家科技重大专项基金 (2014ZX01029101-002); 中国科学院战略性先导科技专项 (XDA-Y01-01); 中国科学院战略性先导科技专项 (XDC05020200)

SMT Port Side Channel Attack Defending Method Based on Dynamic Branch Filter

YUE Xiao-meng¹^,², YANG Qiu-song¹, LI Ming-shu¹

^1.National Engineering Research Center for Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
^2.University of Chinese Academy of Sciences, Beijing 100049, China

Received:2021-02-03 Revised:2021-12-22 Online:2022-07-25 Published:2022-07-30
- Supported by:
- Fund for National Science and Technology Major Project (NSTMP) Program Kernal Electronic Devices, High-end General Application Chips, Fundamental Software Products (2014ZX01029101-002); Chinese Academy of Sciences Strategic Pilot Project (XDA-Y01-01); Chinese Academy of Sciences Strategic Pilot Project (XDC05020200)

摘要/Abstract

摘要：

同时多线程（Simultaneous Multi-Threading，SMT）技术是提升线程级并行度的重要微架构优化技术之一，以SMoTherSpectre为代表的利用SMT环境下共享分支预测器和执行端口的时间侧信道攻击表明SMT技术在提升性能的同时也存在显著的安全隐患.基于记录分支预测错误刷新及调整执行端口资源使用策略，提出了一种SMT环境下执行端口时间信道攻击防护方法.该方法实现了分支过滤和动态资源使用策略修改组件，在防护有效性上可以达到关闭SMT技术的防护效果，性能开销仅为关闭SMT技术的22%，硬件开销可控.

关键词: 同时多线程, 时间信道, 侧信道, 执行端口, 安全防护

Abstract:

Simultaneous multi-threading(SMT) is one of the important micro-architecture optimization technologies to improve thread-level parallelism. The timing channel attack represented by SMoTherSpectre using shared branch predictors and execution ports in SMT environment shows that SMT technology has significant security risks as well as performance improvements. Based on recording branch misprediction refresh and dynamically adjusting the execution port resource utilization strategy, this paper proposes an approach for defending a timing channel attack on execution port in SMT environment. The approach implements a branch filter and a dynamic resource editor. This approach can achieve the same protection effect of turning off SMT technology, and the performance cost is only 22%, meanwhile, the hardware cost is controllable.

Key words: simultaneous multi-threading, timing channel, side channel, execution port, security defense

中图分类号:

TP309.2

岳晓萌, 杨秋松, 李明树. 基于动态分支过滤的SMT执行端口侧信道安全防护[J]. 电子学报, 2022, 50(7): 1594-1599.

YUE Xiao-meng, YANG Qiu-song, LI Ming-shu. SMT Port Side Channel Attack Defending Method Based on Dynamic Branch Filter[J]. Acta Electronica Sinica, 2022, 50(7): 1594-1599.

图/表 7

参考文献 14

1	MARRD T, BINNSF, HILLD L. Hyper-threading technology architecture and microarchitecture[J]. Intel Technology Journal, 2002, 6(1): 1-12.
2	ACIÇMEZO, SEIFERTJ P. Cheap hardware parallelism implies cheap security[C]//Proc of the Workshop on Fault Diagnosis & Tolerance in Cryptography. Vienna: IEEE, 2007: 80-91.
3	GEQIAN, YAROMY, COCKD, et al. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware[J]. Journal of Cryptographic Engineering. 2016, 8(1): 1-27.
4	HEZ, LEER B. How secure is your cache against side-channel attacks?[C]//50th Annual IEEE/ACM International Symposium. Cambridge: ACM, 2017: 341-353.
5	WANGZHENGHONG, LEER. Covert and side channels due to processor architecture[C]//Proc of the 22nd Annual Computer Security Applications Conference. Miami Beach: IEEE, 2006: 473-482.
6	ALDAYAA, BRUMLEYB, HASSANS U, et al. Port contention for fun and profit[C]//Proc of the Symposium on Security and Privacy. San Francisco: IEEE, 2019: 19-23.
7	BHATTACHARYYAA, SANDULESCUA, NEUGSCHWANDTNERM, et al. SMoTherSpectre: Exploiting speculative execution through port contention[C]//Proc of the 2019 ACM SIGSAC Conf on Computer and Communications Security. London: ACM, 2019: 785-800.
8	PERCIVALC. Cache missing for fun and profit[J/OL]. (2019-12-16)[2021-12-22] .
9	HUWEIMING. Reducing timing channels with fuzzy time[C]//Proc of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy. Oakland,CA: IEEE, 1991: 8-20.
10	ZHANGYUE, ZHUZIYUAN, MENGDAN. DDM: A demand-based dynamic mitigation for SMT transient channels[C]//IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking. Xiamen: IEEE, 2019: 614-621.
11	HEZ, et al. New models for understanding and reasoning about speculative execution attacks[C]//IEEE International Symposium on High-Performance Computer Architecture(HPCA). Seoul: IEEE, 2021:40-53.
12	KOCHERP, GENKIND, GRUSSD, et al. Spectre attacks: Exploiting speculative execution[J]. Communications of the ACM, 2020, 63(7):93-101.
13	BINKERTN, BECKMANNB, BLACKG, et al. The gem5 simulator[J]. ACM SIGARCH Computer Architecture News, 2011, 39(2): 1-7.
14	HENNINGJ L. SPEC CPU2006 benchmark descriptions[J]. ACM SIGARCH Computer Architecture News, 2006, 4(34): 1-17.

模块	面积开销/μm²	时序开销(reg2reg)/ps	时序开销(in2reg)/ps	时序开销(reg2out)/ps
smt_smother_defend	74 947	368	369	300
branch_filter	74 852	无	无	无
policy_modifier	95	无	无	无
int exec(对比)	302 979	无	无	无

模块	面积开销/μm²	时序开销(reg2reg)/ps	时序开销(in2reg)/ps	时序开销(reg2out)/ps
smt_smother_defend	74 947	368	369	300
branch_filter	74 852	无	无	无
policy_modifier	95	无	无	无
int exec(对比)	302 979	无	无	无

[1]	焦志鹏, 姚富, 陈华, 王舰, 匡晓云, 黄开天. 一种基于门限与感染技术的SM4算法综合防护实现[J]. 电子学报, 2022, 50(5): 1066-1074.
[2]	杨超, 郭云飞, 扈红超, 刘文彦, 霍树民, 王亚文. 基于符号执行的软件缓存侧信道脆弱性检测技术[J]. 电子学报, 2019, 47(6): 1194-1200.
[3]	刘威, 蒋烈辉, 常瑞. 强物理不可克隆函数的侧信道混合攻击[J]. 电子学报, 2019, 47(12): 2639-2646.
[4]	彭昌勇, 朱创营, 黄莉, 祝跃飞, 王靳辉. 扩展的代数侧信道攻击及其应用[J]. 电子学报, 2013, 41(5): 859-864.
[5]	沈钲;孙义和. 一种支持同时多线程的VLIW DSP架构[J]. 电子学报, 2010, 38(2): 352-358.
[6]	陈开颜;张鹏;邓高明;赵强. 物理可观测下DES的安全性研究[J]. 电子学报, 2009, 37(11): 2389-2395.
[7]	孙彩霞, 张民选. 公平运行同时多线程处理器中的线程[J]. 电子学报, 2008, 36(2): 224-229.
[8]	邓晴莺, 张民选. 基于映射表的寄存器文件设计以及编译器优化[J]. 电子学报, 2008, 36(2): 392-396.
[9]	孙彩霞, 张民选. 基于多个取指优先级的同时多线程处理器取指策略[J]. 电子学报, 2006, 34(5): 790-795.

基于动态分支过滤的SMT执行端口侧信道安全防护

SMT Port Side Channel Attack Defending Method Based on Dynamic Branch Filter

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 14

相关文章 9

编辑推荐

Metrics