Verification of serialising instructions for security against transient execution attacks

Transient execution attacks such as Spectre and Meltdown exploit speculative execution in modern microprocessors to leak information via cache side‐channels. Software solutions to defend against many transient execution attacks employ the lfence serialising instruction, which does not allow instruct...

Full description

Saved in:
Bibliographic Details
Published in:Chronic diseases and translational medicine 2023-07, Vol.17 (3-4), p.127-140
Main Authors: Ponugoti, Kushal K., Srinivasan, Sudarshan K., Mathure, Nimish
Format: Article
Language:English
Subjects:
Central processing units
computer architecture
electronic design automation
formal verification
integrated circuit design
logic design
microcomputers
microprocessor chips
Microprocessors
Safety and security measures
Semantics
Software
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Transient execution attacks such as Spectre and Meltdown exploit speculative execution in modern microprocessors to leak information via cache side‐channels. Software solutions to defend against many transient execution attacks employ the lfence serialising instruction, which does not allow instructions that come after the lfence to execute out‐of‐order with respect to instructions that come before the lfence. However, errors and Trojans in the hardware implementation of lfence can be exploited to compromise the software mitigations that use lfence. The aforementioned security gap has not been identified and addressed previously. The authors provide a formal method solution that addresses the verification of lfence hardware implementation. The authors also show how hardware Trojans can be designed to circumvent lfence and demonstrate that their verification approach will flag such Trojans as well. The authors have demonstrated the efficacy of our approach using RSD, which is an open source RISC‐V based superscalar out‐of‐order processor. Serialising instructions such as lfence are used to guard modern microprocessors against Spectre‐like transient execution attacks. However, bugs and Trojans can render the solution ineffective without impacting programme correctness. We provide a formal verification methodology which guarantees the integrity of the lfence instruction.
ISSN:1751-8601
2095-882X
1751-861X
2589-0514
DOI:10.1049/cdt2.12058