SPECS: A Lightweight Runtime Mechanism for Protecting Software from Security-Critical Processor Bugs

Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems Pub Date : 2015-03-14 DOI:10.1145/2694344.2694366

Matthew Hicks, C. Sturton, Samuel T. King, Jonathan M. Smith

{"title":"SPECS: A Lightweight Runtime Mechanism for Protecting Software from Security-Critical Processor Bugs","authors":"Matthew Hicks, C. Sturton, Samuel T. King, Jonathan M. Smith","doi":"10.1145/2694344.2694366","DOIUrl":null,"url":null,"abstract":"Processor implementation errata remain a problem, and worse, a subset of these bugs are security-critical. We classified 7 years of errata from recent commercial processors to understand the magnitude and severity of this problem, and found that of 301 errata analyzed, 28 are security-critical. We propose the SECURITY-CRITICAL PROCESSOR ER- RATA CATCHING SYSTEM (SPECS) as a low-overhead solution to this problem. SPECS employs a dynamic verification strategy that is made lightweight by limiting protection to only security-critical processor state. As a proof-of- concept, we implement a hardware prototype of SPECS in an open source processor. Using this prototype, we evaluate SPECS against a set of 14 bugs inspired by the types of security-critical errata we discovered in the classification phase. The evaluation shows that SPECS is 86% effective as a defense when deployed using only ISA-level state; incurs less than 5% area and power overhead; and has no software run-time overhead.","PeriodicalId":403247,"journal":{"name":"Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems","volume":"171 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"56","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2694344.2694366","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 56

Abstract

Processor implementation errata remain a problem, and worse, a subset of these bugs are security-critical. We classified 7 years of errata from recent commercial processors to understand the magnitude and severity of this problem, and found that of 301 errata analyzed, 28 are security-critical. We propose the SECURITY-CRITICAL PROCESSOR ER- RATA CATCHING SYSTEM (SPECS) as a low-overhead solution to this problem. SPECS employs a dynamic verification strategy that is made lightweight by limiting protection to only security-critical processor state. As a proof-of- concept, we implement a hardware prototype of SPECS in an open source processor. Using this prototype, we evaluate SPECS against a set of 14 bugs inspired by the types of security-critical errata we discovered in the classification phase. The evaluation shows that SPECS is 86% effective as a defense when deployed using only ISA-level state; incurs less than 5% area and power overhead; and has no software run-time overhead.

查看原文本刊更多论文

SPECS:用于保护软件免受安全关键处理器错误影响的轻量级运行时机制

处理器实现勘误表仍然是一个问题，更糟糕的是，这些错误的一个子集对安全性至关重要。我们对最近商业处理器7年来的勘误表进行了分类，以了解这个问题的规模和严重性，并发现在分析的301个勘误表中，有28个是安全关键的。我们提出安全关键处理器ER- RATA捕获系统(SPECS)作为一个低开销的解决方案来解决这个问题。SPECS采用了一种动态验证策略，该策略通过将保护限制为仅对安全至关重要的处理器状态而变得轻量级。作为概念验证，我们在一个开源处理器中实现了SPECS的硬件原型。使用这个原型，我们根据14个bug对SPECS进行评估，这些bug是由我们在分类阶段发现的安全关键错误类型引起的。评估表明，当仅使用isa级状态部署时，SPECS作为防御的有效性为86%;占地面积和电力开销小于5%;并且没有软件运行时开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems

自引率

0.00%

发文量