SoK: Hardware Defenses Against Speculative Execution Attacks

TL;DR

This paper systematically reviews hardware defenses against speculative execution attacks, categorizing 20 proposed solutions based on attack steps they prevent, and discusses their effectiveness and performance trade-offs.

Contribution

It provides a comprehensive systematization of hardware mitigation strategies against speculative execution attacks, classifying defenses and analyzing their security and performance impacts.

Findings

Identifies 6 critical attack steps in speculative execution attacks.

Classifies 20 hardware defenses under specific mitigation strategies.

Analyzes security-performance trade-offs of various defenses.

Abstract

Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a covert channel. While software patches can be installed for mitigation on existing hardware, these solutions can incur big performance overhead. Hardware mitigation is being studied extensively by the computer architecture community. It has the benefit of preserving software compatibility and the potential for much smaller performance overhead than software solutions. This paper presents a systematization of the hardware defenses against speculative execution attacks that have been proposed. We show that speculative execution attacks consist of 6 critical attack steps. We propose defense strategies, each of which prevents a critical attack step from happening, thus preventing the attack from succeeding. We then summarize 20 hardware defenses and overhead-reducing features that have been proposed. We show that each defense proposed can be classified under one of our defense strategies, which also explains why it can thwart the attack from succeeding. We discuss the scope of the defenses, their performance overhead, and the security-performance trade-offs that can be made.