STBPU: A Reasonably Secure Branch Prediction Unit
Tao Zhang, Timothy Lesch, Kenneth Koltermann, Dmitry Evtyushkin

TL;DR
This paper introduces STBPU, a secure branch prediction unit design that defends against collision-based attacks and side channels with minimal performance impact by customizing data representation and actively monitoring prediction events.
Contribution
STBPU offers a novel secure BPU architecture that isolates data per software entity and actively monitors prediction events to prevent malicious collisions.
Findings
STBPU effectively defends against collision-based transient attacks.
It maintains high branch prediction accuracy with minimal performance overhead.
The approach enhances security without significant CPU performance degradation.
Abstract
Modern processors have suffered a deluge of threats exploiting branch instruction collisions inside the branch prediction unit (BPU), from eavesdropping on secret-related branch operations to triggering malicious speculative executions. Protecting branch predictors tends to be challenging from both security and performance perspectives. For example, partitioning or flushing BPU can stop certain collision-based exploits but only to a limited extent. Meanwhile, such mitigations negatively affect branch prediction accuracy and further CPU performance. This paper proposes Secret Token Branch Prediction Unit (STBPU), a secure BPU design to defend against collision-based transient execution attacks and BPU side channels while incurring minimal performance overhead. STBPU resolves the challenges above by customizing data representation inside BPU for each software entity requiring isolation.…
Taxonomy
Topics: Security and Verification in Computing · Software System Performance and Reliability · Network Security and Intrusion Detection
