A Lightweight Isolation Mechanism for Secure Branch Predictors
Hosted in Virtual Platform
Hardware Security: Primitives, Architecture, Design & Test
Description: Branch predictors shared by different processes give attackers opportunities for malicious training and malicious perception.
Instead of flush-based or physical isolation of hardware resources, we propose to use hardware-based thread-private random numbers to encode the contents of the branch predictor tables (both direction and destination histories).
It achieves an effect similar to logical isolation but adds little space or time overhead. Further, we propose a randomized index mechanism for the branch predictor.
This disrupts the correspondence between the branch instruction address and the branch predictor entry, and thus increases the noise for malicious perception attacks.
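
The two ideas above can be seen in a toy software model of a shared branch target table. This is an added example, not code from the paper or its authors. The use of XOR as the encoding, the 256-entry untagged table, the key widths, and all names and values are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define BTB_SIZE 256u  /* toy direct-mapped, untagged table shared by all threads */

typedef struct { uint64_t enc_target; uint8_t enc_ctr; uint8_t valid; } btb_entry;
typedef struct { btb_entry e[BTB_SIZE]; } btb;

/* Assumption: hardware holds these per-thread secrets and swaps them on a context switch. */
typedef struct { uint64_t content_key; uint32_t index_key; } thread_ctx;

/* Randomized index: the same PC maps to a different entry for each thread. */
static uint32_t btb_index(const thread_ctx *t, uint64_t pc) {
    return ((uint32_t)(pc >> 2) ^ t->index_key) & (BTB_SIZE - 1);
}

/* Store target and 2-bit direction counter encoded with the writer's key (XOR is assumed). */
void btb_update(btb *b, const thread_ctx *t, uint64_t pc, uint64_t target, uint8_t ctr) {
    btb_entry *e = &b->e[btb_index(t, pc)];
    e->enc_target = target ^ t->content_key;
    e->enc_ctr = (uint8_t)((ctr ^ t->content_key) & 3u);
    e->valid = 1;
}

/* Decode with the reader's key; returns 0 on a miss. */
int btb_predict(const btb *b, const thread_ctx *t, uint64_t pc, uint64_t *target, uint8_t *ctr) {
    const btb_entry *e = &b->e[btb_index(t, pc)];
    if (!e->valid) return 0;
    *target = e->enc_target ^ t->content_key;
    *ctr = (uint8_t)((e->enc_ctr ^ t->content_key) & 3u);
    return 1;
}

/* Constructed scenario: thread A trains an entry at pc, thread B then predicts at the
   same pc. Returns B's decoded target, or 0 if B misses. */
uint64_t cross_thread_view(uint32_t a_index_key, uint32_t b_index_key) {
    static btb shared;
    memset(&shared, 0, sizeof shared);
    thread_ctx a = { 0x1122334455667788ull, a_index_key };  /* constructed keys */
    thread_ctx b = { 0xA5A5F00DCAFE1235ull, b_index_key };
    uint64_t target = 0; uint8_t ctr = 0;
    btb_update(&shared, &a, 0x401000, 0x7fff0000beefull, 3);
    return btb_predict(&shared, &b, 0x401000, &target, &ctr) ? target : 0;
}
```

With different index keys, thread B does not find the entry thread A trained. When the indices are forced to collide, B decodes a target that is not the one A wrote, while a thread reading its own entry recovers it exactly.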