SpecDefender: Transient Execution Attack Defender using Performance Counters

Abstract

Side-channel attacks based on speculative execution have gained enough traction for researchers. This has resulted in the development of more creative variants of Spectre and its defences. However, many of these defence strategies end up making speculative execution or branch prediction ineffective. While these techniques protect the system, they cut down performance by more than 50%. Hence, these solutions cannot be deployed. In this paper, we present a framework that not only protects against different variants of Spectre but also maintains the performance. We prototyped this framework using a novel tool SpecDefender. It leverages Hardware Performance Counter (HPC) registers to dynamically detect active Spectre attacks and performs dynamic instrumentation to defend against them. This makes the tool widely applicable without any need for static analysis. Overall, the tool brings back the balance between performance and security. The tool was evaluated based on its accuracy and precision to detect an attack in different scenarios. It exhibit >90% precision when five out of ten processes were simultaneously attacked. The response time for the tool to detect is ~2 sec. Furthermore, the throughput of the process under attack was comparable to normal execution in presence of SpecDefender.