Opening Pandora's box: A systematic study of new ways microarchitecture can leak private data

Jose Rodrigo Sanchez Vicarte, Pradyumna Shome, Nandeeka Nayak, Caroline Trippel, Adam Morrison, David Kohlbrenner, Christopher W. Fletcher
Read: 20 August 2022

2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
Pages 347-360
June 2021
Note(s): weak memory, CPU verification, ISA specification, side-channel, speculative execution, uspec

Looks at more recent microarchitectural optimizations to see whether any are as bad as speculative execution. Spoiler alert: yes.

The optimizations they look at are:

  • computation simplification
  • pipeline compression
  • silent stores
  • computation reuse
  • value prediction
  • register-file compression
  • data memory-dependent prefetches

Implementing some of these in gem5 lets them show that these can leak data at a high rate.

An interesting thing in this paper is the terminology “transmitter” for instructions that leak, “amplifiers” for instructions that make a uarch difference more obvious, and “receivers” for instructions that can observe the difference.