STBPU: A Reasonably Secure Branch Prediction Unit
This addresses security issues in processors for computer architecture and cybersecurity, but it is incremental as it builds on existing mitigation approaches.
The paper tackles the problem of security vulnerabilities in modern processors' branch prediction units (BPUs) that enable attacks like eavesdropping and speculative execution, proposing STBPU to defend against these threats with minimal performance overhead.
Modern processors have suffered a deluge of threats exploiting branch instruction collisions inside the branch prediction unit (BPU), from eavesdropping on secret-related branch operations to triggering malicious speculative executions. Protecting branch predictors tends to be challenging from both security and performance perspectives. For example, partitioning or flushing BPU can stop certain collision-based exploits but only to a limited extent. Meanwhile, such mitigations negatively affect branch prediction accuracy and further CPU performance. This paper proposes Secret Token Branch Prediction Unit (STBPU), a secure BPU design to defend against collision-based transient execution attacks and BPU side channels while incurring minimal performance overhead. STBPU resolves the challenges above by customizing data representation inside BPU for each software entity requiring isolation. In addition, to prevent an attacker from using brute force techniques to trigger malicious branch instruction collisions, STBPU actively monitors the prediction-related events and preemptively changes BPU data representation.