DDM: A Demand-based Dynamic Mitigation for SMT Transient Channels
This addresses a security vulnerability in computer systems using SMT technology, offering a practical defense against side-channel attacks, though it is incremental as it builds on existing mitigation techniques.
The paper tackles the problem of SMT transient channels, a type of microarchitecture side-channel attack that exploits shared resources between threads, by proposing DDM, a demand-based dynamic mitigation that writes security requirements to CPU registers and uses HLT instructions to dynamically control hyper-threading, resulting in effective protection against attacks like PortsMash with less than 8% performance loss.
Different from the traditional software vulnerability, the microarchitecture side channel has three characteristics: extensive influence, potent threat, and tough defense. The main reason for the micro-architecture side channel is resource sharing. There are many reasons for resource sharing, one of which is SMT (Simultaneous Multi-Threading) technology. In this paper, we define the SMT Transient Channel, which uses the transient state of shared resources between threads to steal information. To mitigate it, we designed a security demand-based dynamic mitigation (DDM) to Mitigate the SMT transient channels. The DDM writes the processes' security requirements to the CPU register sets, and the operating system calls the HLT instruction to dynamically turn on and off the hyper-threading according to the register values to avoid the side channels caused by execution resource sharing. During the implementation of the scheme, we modified the Linux kernel and used the MSR register groups of Intel processor. The evaluation results show that DDM can effectively protect against the transient side-channel attacks such as PortsMash that rely on SMT, and the performance loss of DDM is less than 8%.