Understanding and Improving the Performance of Mitigating Transient Execution Attacks

• dc.contributor.advisor: Kaashoek, M. Frans
• dc.contributor.advisor: Belay, Adam
• dc.contributor.author: Behrens, Jonathan
• dc.date.issued: 2022-02
• dc.date.submitted: 2022-03-04T20:47:43.860Z
• dc.identifier.uri: https://hdl.handle.net/1721.1/143165
• dc.description.abstract: This thesis makes two contributions: (1) a measurement study of the performance evolution of mitigations against transient execution attacks over generations of processors, and (2) the WARD kernel design, which eliminates as much as half the overhead of mitigations on older processors. The measurement study maps end-to-end overheads to the specific mitigations that cause them. It reveals that hardware fixes for several transient execution attacks have reduced overheads on OS heavy workloads by a factor of ten. However, overheads for JavaScript applications have remained roughly flat because they are caused by mitigations for attacks that even the most recent processors are still vulnerable to. Finally, the study shows that a few mitigations account for most performance costs. WARD is a novel operating system architecture that is resilient to transient execution attacks, yet avoids expensive software mitigations that existing operating systems employ when running on pre-2018 processors. It leverages a new hardware/software contract termed the Unmapped Speculation Contract, which describes limits on the speculative behavior of processors.
• dc.publisher: Massachusetts Institute of Technology
• dc.type: Thesis
• dc.description.degree: Ph.D.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• mit.thesis.degree: Doctoral
• thesis.degree.name: Doctor of Philosophy