Efficiently mitigating transient execution attacks using the unmapped speculation contract

Behrens, J; Cao, A; Skeggs, C; Belay, A; Frans Kaashoek, M; Zeldovich, N

Author(s)

Behrens, J; Cao, A; Skeggs, C; Belay, A; Frans Kaashoek, M; ... Show more

DownloadAccepted version (294.0Kb)

Open Access Policy

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

© 2020 Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020. All rights reserved. Today's kernels pay a performance penalty for mitigations-such as KPTI, retpoline, return stack stuffing, speculation barriers-to protect against transient execution side-channel attacks such as Meltdown [21] and Spectre [16]. To address this performance penalty, this paper articulates the unmapped speculation contract, an observation that memory that isn't mapped in a page table cannot be leaked through transient execution. To demonstrate the value of this contract, the paper presents WARD, a new kernel design that maintains a separate kernel page table for every process. This page table contains mappings for kernel memory that is safe to expose to that process. Because a process doesn't map data of other processes, this design allows for many system calls to execute without any mitigation overhead. When a process needs access to sensitive data, WARD switches to a kernel page table that provides access to all of memory and executes with all mitigations. An evaluation of the WARD design implemented in the sv6 research kernel [8] shows that LEBench [24] can execute many system calls without mitigations. For some hardware generations, this results in performance improvement ranging from a few percent (huge page fault) to several factors (getpid), compared to a standard design with mitigations.

Date issued

2020

URI

https://hdl.handle.net/1721.1/137797

Journal

Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020

Citation

Behrens, J, Cao, A, Skeggs, C, Belay, A, Frans Kaashoek, M et al. 2020. "Efficiently mitigating transient execution attacks using the unmapped speculation contract." Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020.

Version: Author's final manuscript

Collections

MIT Open Access Articles