dc.contributor.author | Behrens, J | |
dc.contributor.author | Cao, A | |
dc.contributor.author | Skeggs, C | |
dc.contributor.author | Belay, A | |
dc.contributor.author | Frans Kaashoek, M | |
dc.contributor.author | Zeldovich, N | |
dc.date.accessioned | 2021-11-08T19:34:23Z | |
dc.date.available | 2021-11-08T19:34:23Z | |
dc.date.issued | 2020 | |
dc.identifier.uri | https://hdl.handle.net/1721.1/137797 | |
dc.description.abstract | © 2020 Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020. All rights reserved. Today's kernels pay a performance penalty for mitigations (such as KPTI, retpoline, return stack stuffing, speculation barriers) to protect against transient execution side-channel attacks such as Meltdown [21] and Spectre [16]. To address this performance penalty, this paper articulates the unmapped speculation contract, an observation that memory that isn't mapped in a page table cannot be leaked through transient execution. To demonstrate the value of this contract, the paper presents WARD, a new kernel design that maintains a separate kernel page table for every process. This page table contains mappings for kernel memory that is safe to expose to that process. Because a process doesn't map data of other processes, this design allows for many system calls to execute without any mitigation overhead. When a process needs access to sensitive data, WARD switches to a kernel page table that provides access to all of memory and executes with all mitigations. An evaluation of the WARD design implemented in the sv6 research kernel [8] shows that LEBench [24] can execute many system calls without mitigations. For some hardware generations, this results in performance improvement ranging from a few percent (huge page fault) to several factors (getpid), compared to a standard design with mitigations. | en_US |
dc.language.iso | en | |
dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
dc.source | MIT web domain | en_US |
dc.title | Efficiently mitigating transient execution attacks using the unmapped speculation contract | en_US |
dc.type | Article | en_US |
dc.identifier.citation | Behrens, J, Cao, A, Skeggs, C, Belay, A, Frans Kaashoek, M et al. 2020. "Efficiently mitigating transient execution attacks using the unmapped speculation contract." Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020. | |
dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | |
dc.relation.journal | Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020 | en_US |
dc.eprint.version | Author's final manuscript | en_US |
dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
dc.date.updated | 2021-01-25T18:58:19Z | |
dspace.orderedauthors | Behrens, J; Cao, A; Skeggs, C; Belay, A; Frans Kaashoek, M; Zeldovich, N | en_US |
dspace.date.submission | 2021-01-25T18:58:28Z | |
mit.license | OPEN_ACCESS_POLICY | |
mit.metadata.status | Authority Work and Publication Information Needed | en_US |