Efficiently mitigating transient execution attacks using the unmapped speculation contract

Behrens, J; Cao, A; Skeggs, C; Belay, A; Frans Kaashoek, M; Zeldovich, N

Author(s)

Behrens, J; Cao, A; Skeggs, C; Belay, A; Frans Kaashoek, M; ... Show more

DownloadAccepted version (294.0Kb)

Open Access Policy

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

© 2020 Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020. All rights reserved. Today's kernels pay a performance penalty for mitigations-such as KPTI, retpoline, return stack stuffing, speculation barriers-to protect against transient execution side-channel attacks such as Meltdown [21] and Spectre [16]. To address this performance penalty, this paper articulates the unmapped speculation contract, an observation that memory that isn't mapped in a page table cannot be leaked through transient execution. To demonstrate the value of this contract, the paper presents WARD, a new kernel design that maintains a separate kernel page table for every process. This page table contains mappings for kernel memory that is safe to expose to that process. Because a process doesn't map data of other processes, this design allows for many system calls to execute without any mitigation overhead. When a process needs access to sensitive data, WARD switches to a kernel page table that provides access to all of memory and executes with all mitigations. An evaluation of the WARD design implemented in the sv6 research kernel [8] shows that LEBench [24] can execute many system calls without mitigations. For some hardware generations, this results in performance improvement ranging from a few percent (huge page fault) to several factors (getpid), compared to a standard design with mitigations.

Date issued

2020

URI

https://hdl.handle.net/1721.1/137797

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory

Journal

Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020

Citation

Behrens, J, Cao, A, Skeggs, C, Belay, A, Frans Kaashoek, M et al. 2020. "Efficiently mitigating transient execution attacks using the unmapped speculation contract." Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020.

Version: Author's final manuscript

Collections

MIT Open Access Articles