Defending Against Misspeculation-based Cache Probe Attacks Using Variable Record Table

Abstract

Meltdown and Spectre attacks exploit speculative execution in a processor to leak sensitive data that would otherwise be inaccessible. Existing countermeasures based on temporary patches come at the cost of significant performance overhead. In this work, we present a novel approach to detect misspeculation based cache probe attacks. For a given function call, our approach keeps track of the misspeculative cache accesses and flags any accesses outside of the function. A variable record table (VRT) which is inaccessible to the programmer, is employed for such purpose. We validate our approach with SimpleScalar/PISA toolset for six (6) benchmarks chosen from MiBench benchmark suite. Experimental results demonstrate that our approach detects illegal misspeculative accesses with zero additional instruction overhead. The VRT with 512 entries (25Kb) incurs an area and power overhead of 7.98% and 10.22%, respectively with no penalty in time due to parallel search mechanism.