Opening Pandora's box: A systematic study of new ways microarchitecture can leak private data

Jose Rodrigo Sanchez Vicarte, Pradyumna Shome, Nandeeka Nayak, Caroline Trippel, Adam Morrison, David Kohlbrenner, Christopher W. Fletcher
[doi] [Google Scholar] [DBLP] [Citeseer]
Read: 20 August 2022

2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
Volume
Pages 347-360
June 2021
Note(s): weak memory, CPU verification, ISA specification, side-channel, speculative execution, uspec

Looks at more recent microarchitectural optimizations to see whether any are as bad as speculative execution. Spoiler alert: yes.

The optimizations they look at are

computation simplification
pipeline compression
silent stores
computation reuse
value prediction
register-file compression
data memory-dependent prefetches

Implementing some of these in gem5 lets them show that these can leak data at a high rate.

An interesting thing in this paper is the terminology “transmitter” for instructions that leak, “amplifiers” for instructions that make a uarch difference more obvious, and “receivers” for instructions that can observe the difference.