Modern microprocessors depend on speculative execution, creating vulnerabilities that enable transient execution attacks. Prior defenses target speculative data leakage but overlook false dependencies from partial address aliasing, where repeated squash and reissue events increase the load-store latency, an effect that the SPOILER attack exploits. We present SPOILER-GUARD, a hardware defense that obfuscates speculative dependency resolution by dynamically randomizing the physical address bits used for load-store comparisons and tagging store entries to prevent latency-amplifying misspeculations. Implemented in gem5 and evaluated with SPEC 2017, SPOILER-GUARD reduces misspeculation to 0.0004 percent and improves integer and floating-point performance by 2.12 and 2.87 percent, respectively. HDL synthesis with Synopsys Design Compiler at the 14 nm node demonstrates minimal overheads: 69 ps latency in the critical path, 0.064 square millimeter in area, and 5.863 mW in power.