Janus: Compiler-Based Defense Against Transient Execution Attacks Using ARM Hardware Primitives
Janus provides a low-overhead defense against Spectre and control-flow hijacking for ARM-based systems, which are increasingly prevalent in cloud and edge computing.
Janus is a compiler-based framework that mitigates transient execution attacks on ARM64, achieving an average performance overhead of 3.85% on SPEC CPU2017 and 2.97%-7.80% on real-world applications.
We present Janus, a compiler-based security framework that mitigates transient execution attacks such as Spectre, as well as control-flow hijacking, on ARM64 platforms. Janus integrates speculative execution and control flow dependencies with Pointer Authentication (PA) modifiers, using the PA and Branch Target Identification (BTI) microarchitectural features to prevent control-flow speculation attacks and to secure both control flow and speculative execution through existing control-flow integrity mechanisms. To keep overhead low, Janus merges defense operations across different defense layers (modifier fusion) and reuses registers of protected variables (carrier reuse), while maintaining strong security guarantees. Evaluation on SPEC CPU2017 shows an average performance overhead of 3.85%, with real-world applications exhibiting overheads ranging from 2.97% to 7.80%. Janus offers effective speculative execution security with low performance and code size overhead, making it a robust solution for ARM-based systems.