Modern processors employ optimization techniques such as out-of-order and speculative execution to maximize the performance. However, they may leave observable side effects that leak the secrets of the system. This phenomenon has led to a proliferation of Spectre and Meltdown attack variants, and this trend will likely continue in the near future. While many makeshift countermeasures have been proposed, they are either not adequately effective or come with inadvertent consequences. New types of processors are designed to deal with these problems; however, those older ones in billions of devices that are currently being used cannot easily or even possibly be replaced. In this chapter, therefore, the authors provide a cross-platform, micro-agent detection system, which can detect four main types of Spectre variants and one variant of Meltdown in real-time in these devices. The empirical performance tests show that the micro-agent system and the in-built detection mechanisms are efficient and effective in detecting such attacks.
TopIntroduction
With the advancement of IoT technology, we have already seen some of the changes in how we interact with everyday digital objects (e.g., smart wearable devices, smart home appliances, etc.). The visions for IoT are that millions and billions of electronic devices will be connected to each other and the network allowing individuals to communicate with various machines, and machines to interact with other machines. To increase the processing power to accommodate the needs of the newly IoT devices as well as the traditional devices (e.g., laptops, desktops), more and more vendors have been shifting focus from the processing technology (because of the physical limitations, e.g. it is becoming very hard to keep shrinking transistor size,) and increasing clock frequency to increasing the number of cores and optimizing of the instruction pipeline. By parallelizing the pipelines that allow the instructions in the instruction stream to be executed ahead of time or even out-of-order, massive performance gains can be achieved. In order to keep the pipelines always full and hence keep the performance gain, modern processors use optimizations techniques such as branch prediction and out-of-order execution to predict the control flow, data dependencies and possibly even the actual data. As it is always possible that a prediction is wrong, the pipeline may be partially flushed and any results ensuing from that prediction to ensure the correctness of any function, discarded. From here, the name of transient execution is derived (Kocher et al. 2019; Lipp et al. 2018). As instructions are executed transiently (e.g., after the prediction), and their results removed if the predictions are indeed wrong, it is comparable to the processors idling at the architectural level during the transient execution process.
Although the effects of transient execution at the architectural level will be discarded in the end, the side effects from microarchitecture level and the implications might remain. As some of these side effects can be leveraged to leak secrets of the system to third-parties, attacks such as Spectre (Kocher et al. 2019), Meltdown (Lipp et al. 2018), and Foreshadow (Van Bulck et al. 2018) are derived from these phenomenons. The CPUs that are susceptible to these attacks are from all the major vendors, Intel, ARM, AMD. In other words, all the IoT devices (including the traditional desktops and laptops) with processing powers inside are susceptible to one type or another these transient attacks.
New types of the aforementioned attacks may continue to emerge in the near future, and the patches or makeshifts are not effective enough (Sebastian 2018) or incur inadvertent consequences (Steven 2018). Although new processors can be designed to root out the problem, however, there are billions of devices currently being used that are susceptible to these attacks. Therefore, in this chapter, we present the design of a cross-platform, light weight, micro-agent system that can detect the Spectre and Meltdown attack variants in real-time, and therefore provide adequate protection on platforms with heterogeneous operating platforms, including networked computational IoT networks.
The contributions of this work include the following: