You Shall Not Bypass: Employing data dependencies to prevent Bounds Check Bypass
A recent discovery of a new class of microarchitectural attacks called Spectre picked up the attention of the security community as these attacks can overcome many traditional mechanisms of defense, such as bounds checking. One of the attacks - Bounds Check Bypass - can neither be efficiently solved on system nor architectural levels, and requires changes in the application itself. So far, the proposed mitigations involved serialization, which reduces the usage of CPU resources and causes high overheads. In this work, we propose a method of only delaying the vulnerable instructions, without the necessity to completely serialize execution. Our prototype implemented as an LLVM pass causes 60 the full serialization causing 440
READ FULL TEXT