The University of Southampton
University of Southampton Institutional Repository

BRB: mitigating branch predictor side-channels

BRB: mitigating branch predictor side-channels
BRB: mitigating branch predictor side-channels
Modern processors use branch prediction as an optimization to improve processor performance. Predictors have become larger and increasingly more sophisticated in order to achieve higher accuracies which are needed in high performance cores. However, branch prediction can also be a source of side channel exploits, as one context can deliberately change the branch predictor state and alter the instruction flow of another context. Current mitigation techniques either sacrifice performance for security, or fail to guarantee isolation when retaining the accuracy. Achieving both has proven to be challenging.

In this work we address this by, (1) introducing the notions of steady-state and transient branch predictor accuracy, and (2) showing that current predictors increase their misprediction rate by as much as 90% on average when forced to flush branch prediction state to remain secure. To solve this, (3) we introduce the branch retention buffer, a novel mechanism that partitions only the most useful branch predictor components to isolate separate contexts. Our mechanism makes thread isolation practical, as it stops the predictor from executing cold with little if any added area and no warm-up overheads. At the same time our results show that, compared to the state-of-the-art, average misprediction rates are reduced by 15-20% without increasing area, leading to a 2% performance increase.
Processor security, branch prediction, side-channel attacks, microarchitecture
Vougioukas, Ilias
b5654d64-ff5c-43ab-a005-97a72cc343d7
Sandberg, Andreas
d09c2a2a-151d-439c-b258-b852eeb56e33
Nikoleris, Nikos
be54f3c1-c36e-4dde-8611-0af54b56e033
Diestelhorst, Stephan
80286a84-4bcb-432e-9557-96bc4063df63
Al-Hashimi, Bashir
0b29c671-a6d2-459c-af68-c4614dce3b5d
Merrett, Geoff
89b3a696-41de-44c3-89aa-b0aa29f54020
Vougioukas, Ilias
b5654d64-ff5c-43ab-a005-97a72cc343d7
Sandberg, Andreas
d09c2a2a-151d-439c-b258-b852eeb56e33
Nikoleris, Nikos
be54f3c1-c36e-4dde-8611-0af54b56e033
Diestelhorst, Stephan
80286a84-4bcb-432e-9557-96bc4063df63
Al-Hashimi, Bashir
0b29c671-a6d2-459c-af68-c4614dce3b5d
Merrett, Geoff
89b3a696-41de-44c3-89aa-b0aa29f54020

Vougioukas, Ilias, Sandberg, Andreas, Nikoleris, Nikos, Diestelhorst, Stephan, Al-Hashimi, Bashir and Merrett, Geoff (2018) BRB: mitigating branch predictor side-channels. At International Symposium on High-Performance Computer Architecture (20/02/19) International Symposium on High-Performance Computer Architecture, Washington DC, United States. 16 - 20 Feb 2019. 12 pp. (In Press)

Record type: Conference or Workshop Item (Paper)

Abstract

Modern processors use branch prediction as an optimization to improve processor performance. Predictors have become larger and increasingly more sophisticated in order to achieve higher accuracies which are needed in high performance cores. However, branch prediction can also be a source of side channel exploits, as one context can deliberately change the branch predictor state and alter the instruction flow of another context. Current mitigation techniques either sacrifice performance for security, or fail to guarantee isolation when retaining the accuracy. Achieving both has proven to be challenging.

In this work we address this by, (1) introducing the notions of steady-state and transient branch predictor accuracy, and (2) showing that current predictors increase their misprediction rate by as much as 90% on average when forced to flush branch prediction state to remain secure. To solve this, (3) we introduce the branch retention buffer, a novel mechanism that partitions only the most useful branch predictor components to isolate separate contexts. Our mechanism makes thread isolation practical, as it stops the predictor from executing cold with little if any added area and no warm-up overheads. At the same time our results show that, compared to the state-of-the-art, average misprediction rates are reduced by 15-20% without increasing area, leading to a 2% performance increase.

Text BRB: Mitigating Branch Predictor Side-Channnels. - Author's Original
Restricted to Repository staff only until 20 February 2019.
Request a copy

More information

Accepted/In Press date: 5 November 2018
Venue - Dates: International Symposium on High-Performance Computer Architecture, Washington DC, United States, 2019-02-16 - 2019-02-20
Keywords: Processor security, branch prediction, side-channel attacks, microarchitecture

Identifiers

Local EPrints ID: 426627
URI: https://eprints.soton.ac.uk/id/eprint/426627
PURE UUID: 7226d8b8-fcec-4e28-9352-196ec8ce4df3
ORCID for Ilias Vougioukas: ORCID iD orcid.org/0000-0003-1444-4326
ORCID for Geoff Merrett: ORCID iD orcid.org/0000-0003-4980-3894

Catalogue record

Date deposited: 06 Dec 2018 17:30
Last modified: 14 Dec 2018 01:34

Export record

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of https://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×