摘要: |
在CPU指令流水线中,为了提高计算机系统的执行效率而加入的Cache、TLB等缓存结构是不同进程共享的,因此这些缓存以及相关执行单元在不同进程之间的共享在一定程度上打破了计算机系统中基于内存隔离实现的安全边界,进而打破了计算机系统的机密性和完整性。Spectre和Meltdown等漏洞的披露,进一步说明了处理器微体系结构所采用的乱序执行、分支预测和推测执行等性能优化设计存在着严重的安全缺陷,其潜在威胁将涉及到整个计算机行业的生态环境。然而,对于微体系结构的安全分析,到目前为止尚未形成较为成熟的研究框架。虽然当前针对操作系统内核及上层应用程序的漏洞检测和安全防护方面已经有较为成熟的方法和工具,但这些方法和工具并不能直接应用于对微体系结构漏洞的安全检测之中。一旦微体系结构中出现了漏洞将导致其危害更加广泛并且难以修复。此外,由于各个处理器厂商并没有公布微体系结构的实现细节,对于微体系结构安全研究人员来说,微体系结构仍然处于黑盒状态,并且缺少进行辅助分析的工具。这也使得微体系结构的安全分析变得十分困难。因此本文从当前处理器微体系结构设计中存在的安全威胁入手,分析了其在设计上导致漏洞产生的主要原因,对现有处理器微体系结构的7种主流攻击方法进行了分类描述和总结,分析对比现有的10种软硬件防护措施所采用的保护方法及实用效果,并从微体系结构漏洞研究方法、漏洞防护及安全设计等方面,进一步探讨了处理器微体系结构安全的研究方向和发展趋势。 |
关键词: 处理器微体系结构安全 微指令集漏洞 信息泄露 侧信道攻击 防御技术 |
DOI:10.19363/J.cnki.cn10-1380/tn.2022.07.02 |
Received:November 19, 2019Revised:November 19, 2019 |
基金项目:本课题得到了中国国家自然科学基金(No.61602470,No.61702508,No.61802394,No.U1836209,No.62032010),中国国家重点研究开发计划(No.2016QY071405),中国科学院战略重点研究计划(No.XDC02040100,No.XDC02030200,No.XDC02020200)的部分支持。 |
|
Survey on Security Researches of Processor's Microarchitecture |
YIN Jiawei,LI Menghao,HUO Wei |
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology, Beijing 100195, China;School of CyberSpace Security, University of Chinese Academy of Sciences, Beijing 100049, China |
Abstract: |
In the instruction pipeline, cache structures such as Cache and TLB, which are added to improve the execution efficiency of computer systems, are shared by different processes. The sharing of these cache structures and related execution units between different processes breaks the security boundary implemented in computer systems based on memory isolation, which in turn breaks the confidentiality and integrity of entire computer systems. The disclosure of attacks on processor's micro-architecture such as Spectre and Meltdown indicates that the performance optimization techniques, such as out-of-order execution, branch prediction and speculative execution, that are used in current processors have some serious security flaws. They are capable to threat the entire computer ecosystem. Although there are many methods and tools for vulnerability detection and security protection of operating system kernel and user space applications, these methods and tools are not capable to be directly applied to detect the micro-architecture vulnerabilities which are hidden in the micro-architecture. Once a vulnerability occurs in a micro-architecture, it will be more dangerous and difficult to fix. In addition, because the implementation details of micro-architecture are not published by the processor vendors (e.g., Intel, AMD, and ARM), micro-architecture remains in a black-box state for micro-architecture security researchers. Moreover, there is a lack of tools and methods to assist in the analysis of micro-architecture. This also makes the security analysis of micro-architecture very difficult. Therefore, In this paper, we begin with the security threats in the current design of processormicro-architecture to analyze the roots of the micro-architecture vulnerabilities, and summarize seven attack methods on the existing processor micro-architecture. We systematically illustrate 10 kinds of software and hardware defense mechanisms and summarize the effects of them. Besides, we further discuss the research and development trend of micro-architecture security from the vulnerability examination approaches, vulnerability protection methods and security designs. |
Key words: processor's micro-architecture security micro-instruction set vulnerability information leakage side channel attack defense methods |