SpecWands: An Efficient Priority-based Scheduler Against Speculation Contention Attacks

Transient Execution Attacks (TEAs) have gradually become a major security threat to modern high-performance processors. They exploit the vulnerability of speculative execution illegally access private data, and transmit them through timing-based covert channels. While new vulnerabilities are discovered continuously, channels can be categorised two types: 1) Persistent Type, in which based on layout changes buffering, e.g. caches or TLBs; 2) Volatile contention sharing resources, units issuing ports. The defenses against persistent-type been well addressed, while those for volatile-type still rather inadequate. Existing mitigation schemes volatile type such as Speculative Compression Time-Division-Multiplexing will introduce significant overhead due need stall pipeline disallow resource sharing. In this paper, we look into attacks with perspective, propose scheduling-based scheme, called SpecWands. It consists three priority-based scheduling policies prevent an attacker from transmitting secret different situations. SpecWands not only defend both inter-thread intra-thread attacks, but also keep most performance benefit resource-sharing. We evaluate its runtime SPEC 2017 benchmarks realistic programs. experimental results show that has advantage over other representative schemes.