Skip to content

cwfletcher/sdo

BranchesTags

Repository files navigation

Speculaive Data-Oblivious Execution (SDO) -- ISCA 2020

1. About SDO

Speculative Data Oblivious Execution (SDO) is a safe mechanism for improving speed of delay execution schemes (such as Speculative Taint Tracking (STT) (MICRO'19)) by executing leaky long-latency operations (such as loads) speculatively in a data-oblivious manner. More details can be found in our ISCA'20 paper here. Here is a sample format for citing our work:

@inproceedings{yu2020sdo,
  title={Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Efficient Speculative Execution},
  author={Yu, Jiyong and Mantri, Namrata and Torrellas, Josep and Morrison, Adam and Fletcher, Christopher W},
  booktitle={Proceedings of the ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA)},
  pages={707---720},
  year={2020}
}

2. How is SDO implemented

We implement SDO on top of Gem5 simulator, which is a cycle-accurate simulator with both system call emulation and full system modes. SDO is implemented on an early version of Gem5 (commit:38a1e23). SDO is fully implemented on Gem5's O3 processor and Ruby memory subsystem.

SDO relies on STT to identify leakage (via tainting/untainting) and explicit/implicit channels. The major changes of SDO are:

  • implementing a variety of location predictors
  • adding logic in load-store unit for issuing Obl-Ld requests for protecting unsafe loads
  • adding logic in memory subsystem for implementing safe Obl-Ld operations at each cache level

3. How to use SDO

1) Build Gem5 executable

We use X86 architecture and Ruby memory model. To build the Gem5 executable (such as gem5.opt):

scons build/X86_MESI_Three_Level/gem5.opt

2) Run Gem5 executable

We provide a sample script in './sample_script' to run different configurations, including Unsafe baseline, STT and SDO.

3) Different SDO options

SDO supports different modes, and different predictor variants and configurations. Here we enumerate all important options:

  • --scheme=[string]: different protection schemes

    • UnsafeBaseline: unmodified processor without any protection
    • DelayExecute: after identifying unsafe operations, delay the execution of those operations
    • SDO: after idenfitying unsafe operations, using SDO to execute those operations safely

  • -- mem_model=[string]: memory consistency model

    • TSO: Total Store Ordering (TSO) model
    • RC: Released consistency (RC) model

  • -- threat_model=[string]: attacker model

    • Spectre: Spectre threat model (covering control-flow speculation)
    • Futuristic: Futuristic threat model (covering all types of speculations, exceptions, interrupts)

  • --STT=[int]: whether STT is enabled

    • 0: disable STT (all speculative transmitters are unsafe)
    • 1: enable STT (STT's taint tracking determines which transmtters are unsafe and requires protection)

  • --impChannel=[int]: whether STT's implicit channel protection is enabled

    • 0: disable STT's implicit channel protection
    • 1: enabling STT's implicit channel protection

  • --pred_type=[string]: location predictor type

    • static: static location predictor. Predict a constant level.
    • greedy: Greedy location predictor
    • hysteresis: Hysteresis location predictor
    • local: Local location predictor
    • loop: Loop location predictor
    • random: Random location predictor. Predict a random level.
    • perfect: Perfect location predictor. Predict the correct level.
    • tournament_2way: combining two predictors (e.g., greedy + hysteresis)
    • tournament_3way: combining three predictors (e.g., greedy + hysteresis + local)

  • --pred_option=[number]: parameters for location predictor

    • (for static): 0 - always predicting L1; 1 - always predicting L2; 2 - always predicting L3 ; 3 - alwasy predicting DRAM
    • (for greedy, hysteresis, local, loop, perfect, tournament_2way/3way): 0 - can predict any level; 1 - don't predict DRAM; 2 - don't predict DRAM+LLC

  • --subpred1_type=[string]: the first component of a tournament_2way/tournament_3way predictor

    • choose from any --pred_type options

  • --subpred2_type=[string]: the second component of a tournament_2way/tournament_3way predictor

    • choose from any --pred_type options

  • --subpred3_type=[string]: the third component of a tournament_3way predictor

    • choose from any --pred_type options

  • --TLB_defense=[string]: TLB defense option

    • No: No TLB defense
    • SDO: SDO's TLB defense: on TLB misses, proceed with predicted page number
    • UnsafeDelay: on TLB misses, delay the memory access

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause, Unknown licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
COPYING
Activity

Stars

7 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages