This is How You Lose the Transient Execution War

by   Allison Randal, et al.

A new class of vulnerabilities related to speculative and out-of-order execution, fault-injection, and microarchitectural side channels rose to attention in 2018. The techniques behind the transient execution vulnerabilities were not new, but the combined application of the techniques was more sophisticated, and the security impact more severe, than previously considered possible. Numerous mitigations have been proposed and implemented for variants of the transient execution vulnerabilities. While Meltdown-type exception-based transient execution vulnerabilities have proven to be tractable, Spectre-type vulnerabilities and other speculation-based transient execution vulnerabilities have been far more resistant to countermeasures. A few proposed mitigations have been widely adopted by hardware vendors and software developers, but combining those commonly deployed mitigations does not produce an effective and comprehensive solution, it only protects against a small subset of the variants. Over the years, newly proposed mitigations have been trending towards more effective and comprehensive approaches with better performance, and yet, older mitigations remain the most popular despite limited security benefits and prohibitive performance penalties. If we continue this way, we can look forward to many generations of hardware debilitated by performance penalties from increasing layers of mitigations as new variants are discovered, and yet still vulnerable to both known and future variants.


page 1

page 2

page 3

page 4


An Exhaustive Approach to Detecting Transient Execution Side Channels in RTL Designs of Processors

Hardware (HW) security issues have been emerging at an alarming rate in ...

Automatically Eliminating Speculative Leaks With Blade

We introduce BLADE, a new approach to automatically and efficiently synt...

Hacky Racers: Exploiting Instruction-Level Parallelism to Generate Stealthy Fine-Grained Timers

Side-channel attacks pose serious threats to many security models, espec...

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities hav...

An abstract semantics of speculative execution for reasoning about security vulnerabilities

Reasoning about correctness and security of software is increasingly dif...

Revisiting Security Vulnerabilities in Commercial Password Managers

In this work we analyse five popular commercial password managers for se...

One Exploit to Rule them All? On the Security of Drop-in Replacement and Counterfeit Microcontrollers

With the increasing complexity of embedded systems, the firmware has bec...

Please sign up or login with your details

Forgot password? Click here to reset