Performance-enhancing mechanisms such as branch prediction, out-of-order execution, and the return stack buffer (RSB) are widely employed in modern processing units. Although they succeed in increasing CPU performance, the exploitation of design flaws and security bugs in these components has laid the groundwork for various types of microarchitectural attacks such as Spectre and Meltdown. While attacks such as Meltdown and Spectre have been implemented and analyzed many times on Intel processors, little research has been carried out to evaluate their impact on ARM processors. Moreover, the SpectreRSB vulnerability, the newer variant of the Spectre attack based on the RSB, has been neglected in recent studies. In this work, we first evaluate the SpectreRSB vulnerability by implementing this attack on ARM processors, where, to the best of our knowledge, it has not previously been implemented and analyzed. We further present a security evaluation of ARM processors by implementing different variants of Spectre-family attacks. By analyzing the results obtained from various experiments, we evaluate the security of ARM processors with respect to their diverse microarchitectural designs. We also introduce a high-throughput and noise-free covert channel based on the RSB structure. Based on our experiments, the throughput of the covert channel is 94.19 KB/s with negligible error.