This paper introduces Okapi, an innovative hardware/software cross-layer architecture designed to mitigate Transient Execution Side Channel (TES) attacks, including Spectre variants, in modern computing systems. A key contribution of Okapi is a set of security features building upon each other to offer various trade-offs between performance and security. At its core, Okapi allows for speculative data accesses if the targeted memory region has already been accessed non-speculatively before in the same trust domain. It delays first-time accesses until the speculation is resolved. Okapi stands out for its flexibility in security implementation. For environments with less stringent security needs, Okapi's features can be deactivated to eliminate performance overhead. When activated, the hardware modifications alone provide robust protection against transient execution attacks at a thread-level granularity, including all universal read gadgets like Spectre-PHT and Spectre-BTB. This incurs an average performance overhead of only 3.6 % for the SPEC CPU2017 benchmark suite. On top, Okapi introduces the OkapiReset instruction for additional software-level security support. This instruction, which can be manually inserted by developers or automatically via a compiler extension, allows for fully secure speculation and for trust domain sizes smaller than a thread. While the manual insertion of OkapiReset incurs an additional 0.6 % performance overhead, the automated compiler extension approach results in a 23.1 % overhead for making a cryptographic library fully secure. With an approximate 0.4 % hardware overhead, Okapi provides a highly scalable and adaptable solution for secure speculation in state-of-the-art processor design.
翻译:暂无翻译