Skip to content
/ stt Public
forked from cwfletcher/stt

License

BSD-3-Clause, Unknown licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
COPYING
Notifications You must be signed in to change notification settings

Gerrie-Cui/stt

 
 

Repository files navigation

Speculative Taint Tracking (STT)

1. About STT

Speculative taint tracking (STT) is a hardware defense mechanism for blocking all types of speculative execution attacks in modern processors. All details can be found in our MICRO'19 paper here. Here is a sample format for citing our work:

@inproceedings{yu2019stt,
  title={Speculative Taint Tracking (STT) A Comprehensive Protection for Speculatively Accessed Data},
  author={Yu, Jiyong and Yan, Mengjia and Khyzha, Artem and Morrison, Adam and Torrellas, Josep and Fletcher, Christopher W},
  booktitle={Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture},
  pages={954--968},
  year={2019}
}

2. Implementation

We implement STT using Gem5 simulator. This is built on an early version of Gem5 (commit:38a1e23). To make the simulation close to a commodity processor, we use Gem5's o3 processor. The major changes are:

  • add taint tracking logic to track all tainted data
  • add delay logic for handling explicit channels (memory instructions)
  • add delay logic for handling implicit channels (branch prediction, memory speculation, ld-st forwarding)

3. Usage

1) Follow the steps for building Gem5 executable.

How to use Gem5 can be found here.

2) We add the following configurations for STT:

  • --threat_model [string]: different threat models

    • UnsafeBaseline: unmodified out-of-order processor without protection
    • Spectre: Spectre threat model (covering control-flow speculation)
    • Futuristic: Futuristic threat model (covering all types speculation, exceptions, interrupts)
  • --needsTSO [bool]: configure the consistency model

    • True: use Total Store Ordering (TSO) model
    • False: use Relaxed Consistency (RC) model
  • --STT [int]: configure STT

    • 0: disable STT (in this case, the defense scheme blocks all speculative transmitters)
    • 1: enable STT
  • --implicit_channel [int]: configure implicit channel protection

    • 0: ignore implicit channels
    • 1: enable protection against implicit channels

3) Sample scripts

We have a few sample scripts in './sample_scripts'.

About

No description, website, or topics provided.

Resources

License

BSD-3-Clause, Unknown licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
COPYING

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C++ 76.5%
  • Python 17.3%
  • C 3.9%
  • Assembly 1.1%
  • HTML 0.4%
  • CMake 0.2%
  • Other 0.6%