Anton Cao | Massachusetts Institute of Technology (MIT)
Papers by Anton Cao
Today’s kernels pay a performance penalty for mitigations—such as KPTI, retpoline, return stack stuffing, speculation barriers—to protect against transient execution side-channel attacks such as Meltdown [21] and Spectre [16]. To address this performance penalty, this paper articulates the unmapped speculation contract, an observation that memory that isn’t mapped in a page table cannot be leaked through transient execution. To demonstrate the value of this contract, the paper presents WARD, a new kernel design that maintains a separate kernel page table for every process. This page table contains mappings for kernel memory that is safe to expose to that process. Because a process doesn’t map data of other processes, this design allows for many system calls to execute without any mitigation overhead. When a process needs access to sensitive data, WARD switches to a kernel page table that provides access to all of memory and executes with all mitigations. An evaluation of the WARD d...