Department of Computer Science and Technology

Transient execution vulnerabilities in the security context of server hardware

Allison Randal

December 2023, 145 pages

This technical report is based on a dissertation submitted July 2023 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Robinson College.

DOI: https://doi.org/10.48456/tr-992

Abstract

Many mitigations have been proposed and implemented for many variants of the transient execution vulnerabilities, and while the Meltdown-type exception-based transient execution vulnerabilities have proven to be tractable, Spectre-type vulnerabilities and other speculation-based transient execution vulnerabilities have been far more resistant to countermeasures. For smaller-scale embedded systems or security-focused hardware such as a cryptographic system or a root-of-trust (RoT), eliminating speculation is widely accepted as a reasonable approach to improving security. But, for larger-scale and general-purpose hardware, eliminating speculation is often dismissed as inconceivable, though the claim that speculation is required for adequate performance is rarely supported by concrete performance results. The performance results we do have from several independent strands of research over the past few decades have shown that speculation features on large-scale server hardware do not offer the same performance advantages as on smaller-scale hardware, so eliminating speculation on large-scale server hardware does not harm performance as much as we might suspect. And selective speculation techniques have shown that speculation-based transient execution vulnerabilities can be mitigated by a partial elimination of speculation, so we can preserve some of the performance of speculation while subduing the security risk. In order to demonstrate that eliminating speculation is a feasible approach to mitigating the transient execution vulnerabilities on large-scale server hardware, this work considers three alternative approaches that partially or completely eliminate speculative execution: heterogeneous multicore systems combining speculative and non-speculative cores; entirely non-speculative microarchitectures; and selective speculation microarchitectures.

Full text

PDF (1.5 MB)

BibTeX record

@TechReport{UCAM-CL-TR-992,
  author      = {Randal, Allison},
  title       = {{Transient execution vulnerabilities in the security
                  context of server hardware}},
  year        = 2023,
  month       = dec,
  url         = {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-992.pdf},
  institution = {University of Cambridge, Computer Laboratory},
  doi         = {10.48456/tr-992},
  number      = {UCAM-CL-TR-992}
}