Pre-cache: A Microarchitectural Solution to prevent Meltdown and Spectre

TL;DR

This paper proposes a microarchitectural solution called Pre-cache to prevent Meltdown and Spectre attacks by preventing flushed instructions from exposing data, effectively securing speculative execution with minimal performance impact.

Contribution

The paper introduces Pre-cache, a novel microarchitectural approach that mitigates Meltdown and Spectre by blocking data exposure from flushed instructions, extending to other memory structures and new attack variants.

Findings

Pre-cache effectively prevents Meltdown and Spectre exploits.

The solution restores secure speculative execution with low overhead.

It can be extended to defend against other microarchitectural attacks.

Abstract

Recent work has shown that out-of-order and speculative execution mechanisms used to increase performance in the majority of processors expose the processors to critical attacks. These attacks, called Meltdown and Spectre, exploit the side effects of performance-enhancing features in modern microprocessors to expose secret data through side channels in the microarchitecture. The well known implementations of these attacks exploit cache-based side channels since they are the least noisy channels to exfiltrate data. While some software patches attempted to mitigate these attacks, they are ad-hoc and only try to fix the side effects of the vulnerabilites. They may also impose a performance overhead of up to 30%. In this paper, we present a microarchitecture-based solution for Meltdown and Spectre that addresses the vulnerabilities exploited by the attacks. Our solution prevents flushed instructions from exposing data to the cache. Our approach can also be extended to other memory structures in the microarchitecture thereby preventing variants of the attacks which exploit these memory structures. We further identify two new variant attacks based on exploiting the side effects of speculative and out-of-order execution and show how our solution can be used to prevent these attacks. Evaluation results show that our microarchitectural solution not only restores secure out-of-order and speculative execution, but also has relatively low overhead and does not significantly impact performance for most applications.