ConTExT: Leakage-Free Transient Execution
This addresses a critical security vulnerability in processors for users and systems, offering a more efficient solution than existing methods, though it builds incrementally on prior mitigation strategies.
The paper tackles the problem of secret data leakage during transient execution in modern processors by proposing ConTExT, a technique that prevents secrets from leaving registers transiently, transforming Spectre attacks into a solvable software issue with minimal modifications. It achieves full protection for secrets in memory and registers, showing no performance overhead for unprotected code and a 71.14% overhead for security-critical applications, which is below current state-of-the-art mitigations.
Out-of-order execution and speculative execution are among the biggest contributors to performance and efficiency of modern processors. However, they are inconsiderate, leaking secret data during the transient execution of instructions. Many solutions have been proposed against transient execution attacks. However, they do not eliminate the leakage entirely or introduce unacceptable performance penalties. In this paper, we propose ConTExT, a Considerate Transient Execution Technique. The basic idea of ConTExT is that secrets can enter registers, but not transiently leave them. ConTExT transforms Spectre from a problem that cannot be solved purely in software [53], to a problem that is not easy to solve, but solvable in software. For this, ConTExT requires minimal modifications of applications, compilers, operating systems, and the hardware. ConTExT offers full protection for secrets in memory and secrets in registers. We evaluate the security and performance of ConTExT. With its principled approach it inherently mitigates the recently found microarchitectural data sampling attacks on small processor buffers. Even when over-approximating, we observe no performance overhead for unprotected code and data, and an overhead of 71.14% for security-critical applications, which is below the overhead of currently recommended state-of-the-art mitigation strategies. The actual overhead of ConTExT is below 1% for real-world workloads.