Speculative taint tracking (STT)
نویسندگان
چکیده
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high performance hardware mechanism to block these attacks. The main idea is it safe execute selectively forward the results instructions read secrets, as long we can prove forwarded do not reach potential technical core new abstraction help identify all micro-architectural channels, architecture quickly when channel no longer threat. We further conduct detailed formal analysis on scheme in companion document. When evaluated SPEC06 workloads, STT incurs 8.5% or 14.5% overhead relative insecure machine.
منابع مشابه
GPU Taint Tracking
Dynamic tainting tracks the influence of certain inputs (taint sources) through execution and it is a powerful tool for information flow analysis and security. Taint tracking has primarily targeted CPU program executions. Motivated by recent recognition of information leaking in GPU memory and GPU-resident malware, this paper presents the first design and prototype implementation of a taint tra...
متن کاملDynamic Taint Tracking in Managed Runtimes
This paper provides a taxonomy of runtime taint tracking approaches for managed code, such as code written in Java, C#, PHP, Perl, or Ruby. It covers main applications of data tainting such as preventing web application vulnerabilities including crosssite scripting and SQL injection attacks, along with disallowing privacy-sensitive data leaks. In addition to giving an overview of related litera...
متن کاملPractical and effcient runtime taint tracking
Runtime taint tracking is a technique for controlling data propagation in applications. It is typically used to prevent disclosure of confidential information or to avoid application vulnerabilities. Taint tracking systems intercept application operations at runtime, associate meta-data with the data being processed and inspect the meta-data to detect unauthorised data propagation. To keep meta...
متن کاملTaint-Exchange: A Generic System for Cross-Process and Cross-Host Taint Tracking
Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware, preventing information leaks, and many more. Recently, it has been also utilized to track data across processes and hosts to shed light on the interaction of distributed components, but also for security purposes. This paper presents Taint-Exchan...
متن کاملLazyTainter : Memory - Efficient Taint Tracking in Managed Runtimes
LazyTainter : Memory-Efficient Taint Tracking in Managed Runtimes Zheng Wei Master of Science Graduate Department of Computer Science University of Toronto 2014 The leakage of private information is of great concern on mobile devices since they contain a great deal of sensitive information. This has spurred interest in the use of taint tracking systems to track and monitor the flow of private i...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Communications of The ACM
سال: 2021
ISSN: ['1557-7317', '0001-0782']
DOI: https://doi.org/10.1145/3491201