Presentation
SPECRUN: The Danger of Speculative Runahead Execution in Processors
DescriptionRunahead execution is a continuously evolving microarchitectural technique for processor performance. This paper introduces the first transient execution attack on the runahead execution, called SPECRUN, which exploits the unresolved branch prediction during runahead execution. We show that SPECRUN eliminates the limitation on the number of transient instructions posed by the reorder buffer size, enhancing the exploitability and harmfulness of the attack. We concretely demonstrate a proof-of-concept attack that causes leaking secrets from a victim process, validate the merit of SPECRUN, and design a secure runahead execution scheme. This paper highlights the need to consider the security of potential optimization techniques before implementing them in a processor.
Event Type
Research Manuscript
TimeWednesday, June 2611:00am - 11:15am PDT
Location3012, 3rd Floor
Security
Embedded and Cross-Layer Security