ReversiSpec: Reversible Coherence Protocol for Defending Transient Attacks
Recent works such as InvisiSpec, SafeSpec, and Cleanup-Spec, among others, provide promising solutions to defend against speculation-induced (transient) attacks. However, they introduce delay either when a speculative load becomes safe, in the redo approach, or when it is squashed, in the undo approach. We argue that this is due to the lack of fundamental mechanisms for reversing the effects of speculation in a cache coherence protocol. Built on a mostly unmodified coherence protocol, the redo approach avoids leaving a trace at the expense of double loads; the undo approach "stops the world" during recovery to avoid interference. This paper provides the first solution to this fundamental problem. Specifically, we propose ReversiSpec, a comprehensive solution to mitigate speculation-induced attacks. ReversiSpec is a reversible approach that uses speculative buffers in all cache levels to record the effects of speculative execution. When a speculative load becomes safe, a merge operation adds the effects of speculative execution to the global state. When a speculative load is squashed, a purge operation clears the buffered speculative execution state from the speculative buffer. The key problem solved by the paper is the first demonstration of a reversible cache coherence protocol that naturally rolls back the effects of squashed speculative execution. We design two concrete coherence protocols, ReversiCC-Lazy and ReversiCC-Eager, which provide the same functionality with different trade-offs. Our solution closes a crucial gap in modern architecture: just like the mechanisms to roll back the speculation effects inside a processor, ReversiSpec provides the mechanisms to roll back the state of the whole coherence protocol.
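The merge and purge operations described above can be illustrated with a toy model; this is an added example, not code from the paper, and it does not implement ReversiCC-Lazy or ReversiCC-Eager. It assumes a single cache level with LRU replacement and no coherence traffic, and all class, method, and address names are hypothetical.

```python
from collections import OrderedDict

class Cache:
    """Toy single-level cache with a speculative buffer (hypothetical model)."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.lines = OrderedDict()  # globally visible state, oldest (LRU) first
        self.spec = {}              # speculative buffer: load id -> address

    def _install(self, addr):
        if addr in self.lines:
            self.lines.move_to_end(addr)       # refresh LRU position
            return
        if len(self.lines) >= self.capacity:
            self.lines.popitem(last=False)     # evict the LRU victim
        self.lines[addr] = True

    def load(self, addr):
        """Non-speculative load: changes global state directly."""
        self._install(addr)

    def spec_load(self, load_id, addr):
        """Speculative load: effect is recorded only in the buffer."""
        self.spec[load_id] = addr

    def merge(self, load_id):
        """Load became safe: add its buffered effect to global state."""
        self._install(self.spec.pop(load_id))

    def purge(self, load_id):
        """Load was squashed: drop the buffered effect, global state untouched."""
        self.spec.pop(load_id, None)

    def visible(self):
        return list(self.lines)

def squashed_load_trace(reversible):
    """Return (state before, state after) a squashed load to a constructed address."""
    c = Cache(2)
    c.load(0x100)
    c.load(0x140)
    before = c.visible()
    if reversible:
        c.spec_load(1, 0x9000)
        c.purge(1)
    else:
        c.load(0x9000)  # unprotected baseline: the fill reaches global state
    return before, c.visible()

if __name__ == "__main__":
    for mode in (True, False):
        before, after = squashed_load_trace(mode)
        print("reversible" if mode else "baseline", before == after, after)
```

In the baseline the squashed load both installs a new line and evicts an existing one, which is the residual state a cache timing probe observes; with the buffer, the visible state after the purge is identical to the state before speculation.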