BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors
Abstract
:1. Introduction
- if (secret) { A; } else { B; }
- We propose BranchCloak, a novel software-based mitigation technique against PHT-based side-channel attacks. BranchCloak hinders attackers from inferring the branch direction of a target branch by randomizing the corresponding PHT-state with r-branches.
- We reverse-engineer the PHT structure of Intel processors to learn how to collide a target branch with r-branches in the PHT, which is necessary to implement BranchCloak.
- We implement BranchCloak, and evaluate its performance regarding the execution and storage overhead by performing extensive experiments with real-world cryptographic applications.
2. Background
2.1. Branch Predictor Unit
2.2. PHT-Based Side-Channel Attacks
2.2.1. PHT Entry Collision
2.2.2. General Attack Description
- Step 1.
- (Initialize) The attacker forces a victim to use either a one-level or two-level directional predictor and initializes a target PHT entry into the attacker’s desired state.
- Step 2.
- (Wait) The attacker waits for the victim to execute the target branch. The PHT state will change according to the execution result. For instance, the state changes one step toward Strongly Taken if the target branch was executed as taken. Otherwise, the state changes toward Strongly Not-taken.
- Step 3.
- (Probe) After the victim’s execution, the attacker probes to see whether the target branch was actually taken or not. For this, the attacker uses his/her own branch instruction that collides with the target branch to infer the PHT state.
3. The Proposed Method
3.1. Attack Model
3.2. BranchCloak
3.2.1. Overview
3.2.2. The Number of Bits to Align in PHT
Listing 1. Two branches referencing the same PHT entry. |
- Step 1.
- Initialize the branch prediction unit so as to activate a one-level predictor. We use a PHT randomization code [21] to achieve this.
- Step 2.
- Run the branch_one() function with the argument a = 1 twice to make the state of the PHT entry change to taken. As the one-level predictor uses a two-bit saturating counter, the PHT state moves to taken if at least two executions of the branch instruction are taken, regardless of the initialized state.
- Step 3.
- Run the branch_two() function with the argument b = 1 and measure the branch prediction result. If the two branches share the same PHT entry, the execution of branch_two() will result in a prediction hit.
3.2.3. The Randomizing Branch
- Q1. How many r-branches are necessary to obfuscate the PHT state?
- Q2. In which direction should the r-branches be executed?
3.2.4. BranchCloak with Two-Level Predictor
3.3. Implementation
Listing 2. Code snippet with a secret-dependent conditional branch. |
Listing 3. Code snippet with two r-branches augmented. |
Listing 4. Code snippet in assembly with r-branches aligned. |
4. Security Analysis
4.1. Security Regarding the Location of r-Branches
4.2. Security Against Single-Stepping Attackers
4.3. Security Against Various Attacker Capabilities
5. Performance Analysis
Listing 5. Sliding-window modular exponentiation in OpenSSL. |
Listing 6. Sliding-window modular exponentiation in MbedTLS. |
Listing 7. Left-to-right scalar multiplication in Libgcrypt. |
5.1. Execution Overhead
5.2. Program Size Overhead
5.3. Microarchitectural Side-Effects
6. Limitations
6.1. Applying BranchCloak to Various Architectures
6.2. Identifying Vulnerable Branches
7. Related Work
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Kocher, P.; Horn, J.; Fogh, A.; Genkin, D.; Gruss, D.; Haas, W.; Hamburg, M.; Lipp, M.; Mangard, S.; Prescher, T.; et al. Spectre attacks: Exploiting speculative execution. In Proceedings of the 2019 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 19–23 May 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 1–19. [Google Scholar]
- Lipp, M.; Schwarz, M.; Gruss, D.; Prescher, T.; Haas, W.; Fogh, A.; Horn, J.; Mangard, S.; Kocher, P.; Genkin, D.; et al. Meltdown: Reading kernel memory from user space. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 15–17 August 2018; pp. 973–990. [Google Scholar]
- Maisuradze, G.; Rossow, C. ret2spec: Speculative execution using return stack buffers. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 2109–2122. [Google Scholar]
- Wikner, J.; Razavi, K. {RETBLEED}: Arbitrary Speculative Code Execution with Return Instructions. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022; pp. 3825–3842. [Google Scholar]
- Bhattacharyya, A.; Sandulescu, A.; Neugschwandtner, M.; Sorniotti, A.; Falsafi, B.; Payer, M.; Kurmus, A. Smotherspectre: Exploiting speculative execution through port contention. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11–15 November 2019; pp. 785–800. [Google Scholar]
- Horn, J. Speculative Execution, Variant 4: Speculative Store Bypass. 2018. Available online: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 (accessed on 12 February 2025).
- Xu, Y.; Cui, W.; Peinado, M. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 17–20 May 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 640–656. [Google Scholar]
- Van Bulck, J.; Weichbrodt, N.; Kapitza, R.; Piessens, F.; Strackx, R. Telling Your Secrets without Page Faults: Stealthy Page {Table-Based} Attacks on Enclaved Execution. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada, 16–18 August 2017; pp. 1041–1056. [Google Scholar]
- Gras, B.; Razavi, K.; Bos, H.; Giuffrida, C. Translation leak-aside buffer: Defeating cache side-channel protections with {TLB} attacks. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 15–17 August 2018; pp. 955–972. [Google Scholar]
- Schwarz, M.; Lipp, M.; Moghimi, D.; Van Bulck, J.; Stecklina, J.; Prescher, T.; Gruss, D. ZombieLoad: Cross-privilege-boundary data sampling. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11–15 November 2019; pp. 753–768. [Google Scholar]
- Van Schaik, S.; Milburn, A.; Österlund, S.; Frigo, P.; Maisuradze, G.; Razavi, K.; Bos, H.; Giuffrida, C. RIDL: Rogue in-flight data load. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 88–105. [Google Scholar]
- Koruyeh, E.M.; Khasawneh, K.N.; Song, C.; Abu-Ghazaleh, N.B. Spectre Returns! Speculation Attacks using the Return Stack Buffer. In Proceedings of the WOOT@ USENIX Security Symposium, Baltimore, MD, USA, 13–14 August 2018. [Google Scholar]
- Barberis, E.; Frigo, P.; Muench, M.; Bos, H.; Giuffrida, C. Branch History Injection: On the Effectiveness of Hardware Mitigations Against {Cross-Privilege} Spectre-v2 Attacks. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022; pp. 971–988. [Google Scholar]
- Behnia, M.; Sahu, P.; Paccagnella, R.; Yu, J.; Zhao, Z.N.; Zou, X.; Unterluggauer, T.; Torrellas, J.; Rozas, C.; Morrison, A.; et al. Speculative interference attacks: Breaking invisible speculation schemes. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Lausanne, Switzerland, 19–23 April 2021; pp. 1046–1060. [Google Scholar]
- Li, L.; Yavarzadeh, H.; Tullsen, D. Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security 24), Philadelphia, PA, USA, 14–16 August 2024; pp. 2137–2154. [Google Scholar]
- Cheng, S.H.W.; Chuengsatiansup, C.; Genkin, D.; McNeil, D.; Murray, T.; Yarom, Y.; Zhang, Z. Evict+ Spec+ Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2024, 2024, 224–248. [Google Scholar] [CrossRef]
- Ragab, H.; Mambretti, A.; Kurmus, A.; Giuffrida, C. GhostRace: Exploiting and Mitigating Speculative Race Conditions. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security 24), Philadelphia, PA, USA, 14–16 August 2024; pp. 6185–6202. Available online: https://www.vusec.net/projects/ghostrace (accessed on 16 February 2025).
- Jang, H.; Kim, T.; Shin, Y. SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA, 14–18 October 2024; pp. 64–78. [Google Scholar]
- Zhang, J.; Chen, C.; Cui, J.; Li, K. Timing side-channel attacks and countermeasures in CPU microarchitectures. ACM Comput. Surv. 2024, 56, 1–40. [Google Scholar] [CrossRef]
- Chowdhuryy, M.H.I.; Zheng, H.; Yao, F. MetaLeak: Uncovering Side Channels in Secure Processor Architectures Exploiting Metadata. In Proceedings of the 2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA), Buenos Aires, Argentina, 29 June–3 July 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 693–707. [Google Scholar]
- Evtyushkin, D.; Riley, R.; Abu-Ghazaleh, N.C.; Ponomarev, D. BranchScope: A New Side-Channel Attack on Directional Branch Predictor. In Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, Williamsburg, VA, USA, 4–11 August 2018; pp. 693–707. [Google Scholar]
- Huo, T.; Meng, X.; Wang, W.; Hao, C.; Zhao, P.; Zhai, J.; Li, M. Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against SGX. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019, 2020, 321–347. [Google Scholar] [CrossRef]
- Chowdhuryy, M.H.I.; Yao, F. Leaking Secrets through Modern Branch Predictor in the Speculative World. IEEE Trans. Comput. 2021, 71, 2059–2072. [Google Scholar] [CrossRef]
- Xu, T.; Ding, A.A.; Fei, Y. TrustZoneTunnel: A Cross-World Pattern History Table-Based Microarchitectural Side-Channel Attack. In Proceedings of the 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, USA, 6–9 May 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1–11. [Google Scholar]
- Ronen, E.; Gillham, R.; Genkin, D.; Shamir, A.; Wong, D.; Yarom, Y. The 9 lives of Bleichenbacher’s CAT: New cache attacks on TLS implementations. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 435–452. [Google Scholar]
- Yavarzadeh, H.; Agarwal, A.; Christman, M.; Garman, C.; Genkin, D.; Kwong, A.; Moghimi, D.; Stefan, D.; Taram, K.; Tullsen, D. Pathfinder: High-resolution control-flow attacks exploiting the conditional branch predictor. In Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, San Diego, CA, USA, 27 April–1 May 2024; Volume 3, pp. 770–784. [Google Scholar]
- Rane, A.; Lin, C.; Tiwari, M. Raccoon: Closing Digital Side-Channels through Obfuscated Execution. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 15), Washington, DC, USA, 10–12 August 2015; pp. 431–446. [Google Scholar]
- Coppens, B.; Verbauwhede, I.; De Bosschere, K.; De Sutter, B. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, Oakland, CA, USA, 17–20 May 2009; IEEE: Piscataway, NJ, USA, 2009; pp. 45–60. [Google Scholar]
- Choi, Y.; Knies, A.; Gerke, L.; Ngai, T.F. The impact of if-conversion and branch prediction on program execution on the intel itanium processor. In Proceedings of the 34th ACM/IEEE International Symposium on Microarchitecture, Austin, TX, USA, 1–5 December 2001; p. 182. [Google Scholar]
- Hosseinzadeh, S.; Liljestrand, H.; Leppänen, V.; Paverd, A. Mitigating branch-shadowing attacks on intel sgx using control flow randomization. In Proceedings of the 3rd Workshop on System Software for Trusted Execution, Toronto, ON, Canada, 15 October 2018; pp. 42–47. [Google Scholar]
- Lee, S.; Shih, M.W.; Gera, P.; Kim, T.; Kim, H.; Peinado, M. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada, 16–18 August 2017; pp. 557–574. [Google Scholar]
- Gruss, D.; Lipp, M.; Schwarz, M.; Fellner, R.; Maurice, C.; Mangard, S. Kaslr is dead: Long live kaslr. In Proceedings of the International Symposium on Engineering Secure Software and Systems, Bonn, Germany, 3–5 July 2017; Springer: Berlin/Heidelberg, Germany, 2017; pp. 161–176. [Google Scholar]
- Ainsworth, S.; Jones, T.M. Muontrap: Preventing cross-domain spectre-like attacks by capturing speculative state. In Proceedings of the 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA), Virtual, 29 May–3 June 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 132–144. [Google Scholar]
- Vougioukas, I.; Nikoleris, N.; Sandberg, A.; Diestelhorst, S.; Al-Hashimi, B.M.; Merrett, G.V. BRB: Mitigating Branch Predictor Side-Channels. In Proceedings of the 2019 IEEE International Symposium on High Performance Computer Architecture (HPCA), Washington, DC, USA, 16–20 February 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 466–477. [Google Scholar]
- Zhao, L.T.; Hou, R.; Wang, K.; Su, Y.L.; Li, P.N.; Meng, D. A Novel Probabilistic Saturating Counter Design for Secure Branch Predictor. J. Comput. Sci. Technol. 2021, 36, 1022–1036. [Google Scholar] [CrossRef]
- Evtyushkin, D.; Ponomarev, D.; Abu-Ghazaleh, N. Understanding and mitigating covert channels through branch predictors. ACM Trans. Archit. Code Optim. (TACO) 2016, 13, 1–23. [Google Scholar] [CrossRef]
- Chen, C.; Shen, C.; Zhang, J. Lightweight and Secure Branch Predictors against Spectre Attacks. In Proceedings of the 2022 27th Asia and South Pacific Design Automation Conference (ASP-DAC), Virtual, 17–20 January 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 25–30. [Google Scholar]
- Zhao, L.; Li, P.; Hou, R.; Huang, M.C.; Li, J.; Zhang, L.; Qian, X.; Meng, D. A lightweight isolation mechanism for secure branch predictors. In Proceedings of the 2021 58th ACM/IEEE Design Automation Conference (DAC), Virtual, 5–9 December 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1267–1272. [Google Scholar]
- Sakalis, C.; Kaxiras, S.; Ros, A.; Jimborean, A.; Själander, M. Efficient invisible speculative execution through selective delay and value prediction. In Proceedings of the 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA), Phoenix, AZ, USA, 22–26 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 723–735. [Google Scholar]
- Yavarzadeh, H.; Taram, M.; Narayan, S.; Stefan, D.; Tullsen, D. Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution. In Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 22–24 May 2023; IEEE Computer Society: Piscataway, NJ, USA, 2023; pp. 1220–1237. [Google Scholar]
- Yarom, Y.; Genkin, D.; Heninger, N. CacheBleed: A timing attack on OpenSSL constant-time RSA. J. Cryptogr. Eng. 2017, 7, 99–112. [Google Scholar] [CrossRef]
- Mittal, S. A survey of techniques for dynamic branch prediction. Concurr. Comput. Pract. Exp. 2019, 31, e4666. [Google Scholar] [CrossRef]
- Seznec, A. Tage-sc-l branch predictors again. In Proceedings of the 5th JILP Workshop on Computer Architecture Competitions (JWAC-5): Championship Branch Prediction (CBP-5), Seoul, Korea, 18 June 2016. [Google Scholar]
- Suggs, D.; Subramony, M.; Bouvier, D. The AMD “Zen 2” Processor. IEEE Micro 2020, 40, 45–52. [Google Scholar] [CrossRef]
- Yarom, Y.; Falkner, K. {FLUSH+ RELOAD}: A High Resolution, Low Noise, L3 Cache {Side-Channel} Attack. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, USA, 20–22 August 2014; pp. 719–732. [Google Scholar]
- Gruss, D.; Maurice, C.; Wagner, K.; Mangard, S. Flush+ Flush: A fast and stealthy cache attack. In Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Donostia-San SebastiÃin, Spain, 7–8 July 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 279–299. [Google Scholar]
- Gruss, D.; Spreitzer, R.; Mangard, S. Cache Template Attacks: Automating Attacks on Inclusive {Last-Level} Caches. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 15), Washington, DC, USA, 10–12 August 2015; pp. 897–912. [Google Scholar]
- Irazoqui, G.; Eisenbarth, T.; Sunar, B. S $ A: A shared cache attack that works across cores and defies VM sandboxing–and its application to AES. In Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 18–20 May 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 591–604. [Google Scholar]
- Liu, F.; Yarom, Y.; Ge, Q.; Heiser, G.; Lee, R.B. Last-level cache side-channel attacks are practical. In Proceedings of the 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, 18–20 May 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 605–622. [Google Scholar]
- Hunger, C.; Kazdagli, M.; Rawat, A.; Dimakis, A.; Vishwanath, S.; Tiwari, M. Understanding contention-based channels and using them for defense. In Proceedings of the 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), Burlingame, CA, USA, 7–11 February 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 639–650. [Google Scholar]
- Chen, S.; Zhang, X.; Reiter, M.K.; Zhang, Y. Detecting privileged side-channel attacks in shielded execution with Déjá Vu. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2–6 April 2017; pp. 7–18. [Google Scholar]
- Shih, M.W.; Lee, S.; Kim, T.; Peinado, M. T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs. In Proceedings of the NDSS, San Diego, CA, USA, 26 February–1 March 2017. [Google Scholar]
- Crane, S.; Homescu, A.; Brunthaler, S.; Larsen, P.; Franz, M. Thwarting cache side-channel attacks through dynamic software diversity. In Proceedings of the NDSS, San Diego, CA, USA, 8–11 February 2015; pp. 8–11. [Google Scholar]
- Evtyushkin, D.; Ponomarev, D.; Abu-Ghazaleh, N. Jump over ASLR: Attacking branch predictors to bypass ASLR. In Proceedings of the 49th Annual IEEE/ACM International Symposium on Microarchitecture, Taipei, Taiwan, 15–19 October 2016; pp. 1–13. [Google Scholar]
- Gullasch, D.; Bangerter, E.; Krenn, S. Cache games–bringing access-based cache attacks on AES to practice. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 22–25 May 2011; IEEE: Piscataway, NJ, USA, 2011; pp. 490–505. [Google Scholar]
- Allan, T.; Brumley, B.B.; Falkner, K.; Van de Pol, J.; Yarom, Y. Amplifying side channels through performance degradation. In Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles, CA, USA, 5–9 December 2016; pp. 422–435. [Google Scholar]
- Van Bulck, J.; Piessens, F.; Strackx, R. SGX-Step: A practical attack framework for precise enclave execution control. In Proceedings of the 2nd Workshop on System Software for Trusted Execution, Shanghai, China, 28 October 2017; pp. 1–6. [Google Scholar]
- Kou, Z.; He, W.; Sinha, S.; Zhang, W. Load-step: A precise trustzone execution control framework for exploring new side-channel attacks like flush+ evict. In Proceedings of the 2021 58th ACM/IEEE Design Automation Conference (DAC), Virtual, 5–9 December 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 979–984. [Google Scholar]
- Ito, A.; Ueno, R.; Homma, N. On the success rate of side-channel attacks on masked implementations: Information-theoretical bounds and their practical usage. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, 7–11 November 2022; pp. 1521–1535. [Google Scholar]
- Jang, H.; Shin, Y. MicroCFI: Microarchitecture-Level Control-Flow Restrictions for Spectre Mitigation. IEEE Access 2023, 11, 138699–138711. [Google Scholar] [CrossRef]
- Zhang, T.; Lesch, T.; Koltermann, K.; Evtyushkin, D. STBPU: A Reasonably Safe Branch Predictor Unit. arXiv 2021, arXiv:2108.02156. [Google Scholar]
- Molnar, D.; Piotrowski, M.; Schultz, D.; Wagner, D. The program counter security model: Automatic detection and removal of control-flow side channel attacks. In Proceedings of the International Conference on Information Security and Cryptology, Seoul, Republic of Korea, 1–2 December 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 156–168. [Google Scholar]
- Intel. Retpoline, A Branch Target Injection Mitigation. 2018. Available online: https://www.intel.com/content/dam/develop/external/us/en/documents/retpoline-a-branch-target-injection-mitigation.pdf (accessed on 26 January 2025).
Initial PHT State | ||||||
---|---|---|---|---|---|---|
WN | 0 | |||||
SN | 0 | 0 |
Initial PHT State | ||||||
---|---|---|---|---|---|---|
WN | 0 | |||||
SN | 0 | 0 |
(a) | (b) | (c) | (d) | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
X | T | NT | X | T | NT | X | T | NT | X | T | NT | ||||
Y | Y | Y | Y | ||||||||||||
T | ST | WT | T | ST | WT | T | ST | ST | T | ST | ST | ||||
NT | SN | SN | NT | SN | SN | NT | WN | SN | NT | WN | SN |
Predictor Type | Attacker Type | BranchCloak’s Defense Mechanism |
---|---|---|
Hybrid (1-level) | multi-stepping | PHT-level obfuscation |
single-stepping | Branch-level obfuscation | |
Hybrid (2-level) | multi-stepping | N/A † |
single-stepping | Branch-level obfuscation | |
TAGE (base predictor) | multi-stepping | PHT-level obfuscation |
single-stepping | Branch-level obfuscation | |
TAGE (history-based) | multi-stepping | N/A † |
single-stepping | Branch-level obfuscation |
Category | Setting |
---|---|
OS | Ubuntu 18.04 64-bit |
CPU model | Intel i5-7500 (Kaby Lake) Intel i5-10600 (Comet Lake) Intel i9-11900 (Rocket Lake) |
Cryptographic libraries | OpenSSL 3.1.0 MbedTLS 3.1.0 Libgcrypt 1.9.4 |
CryptographicLibrary | CPU | Iterations per Second | Overhead (%) | |
---|---|---|---|---|
w/o BranchCloak (σ) | w/ BranchCloak (σ) | |||
OpenSSL | i5-7500 | 1,179,533 (1.62) | 1,078,476 (10,048) | 8.57 |
i5-10600 | 1,499,467 (2.16) | 1,409,985 (12,512) | 5.97 | |
i9-11900 | 1,687,880 (1.94) | 1,582,077 (23,834) | 6.27 | |
MbedTLS | i5-7500 | 11,975 (1.21) | 11,830 (34.5) | 1.21 |
i5-10600 | 15,160 (1.48) | 15,037 (44.8) | 0.81 | |
i9-11900 | 15,510 (1.11) | 15,405 (116) | 0.68 | |
Libgcrypt | i5-7500 | 904,426 (1.18) | 822,143 (1911) | 9.10 |
i5-10600 | 1,175,296 (1.56) | 1,116,076 (1410) | 5.04 | |
i9-11900 | 1,430,408 (0.80) | 1,312,709 (8883) | 8.23 |
Mitigation | Technique | Scope of Protection | Performance Overhead |
---|---|---|---|
Raccoon [27] | Executing decoy path | All conditional branches | <1000× |
Zigzagger [31] | Obfuscating the control flow through trampoline branches | All conditional branches | <2.19× |
Hosseinzadeh et al. [30] | Converting conditional branches into conditional move and indirect branch | All conditional branches | <1.64× |
Evtyushkin et al. [36] | Randomizing the PHT in context switch | Conditional branches across processes | <1.2× |
Half&Half [40] | Software-based PHT partitioning | Conditional branches across two domains | <1.07× |
Coppens et al. [28] | Converting conditional branches into conditional moves | User-informed secret-dependent branches | <24× |
BranchCloak | Obfuscating the PHT state through insertion of colliding branches | User-informed secret-dependent branches | <1.09× |
(Unit: Bytes) | |||
---|---|---|---|
Cryptographic Library | w/o BranchCloak | w/ BranchCloak | w/ BranchCloak per Aligned Branches |
OpenSSL (bn_exp.o) | 25,504 | 213,920 (5) † | 37,863 |
MbedTLS (bignum.o) | 45,448 | 401,800 (11) | 32,395 |
Libgcrypt (ec.o) | 215,000 | 399,344 (5) | 36,868 |
Performance Counter | Cryptographic Library | Architecture | Not Applied | Applied |
---|---|---|---|---|
Page Faults | OpenSSL | i5-7500 | 288 | 290 |
i5-10600 | 288 | 291 | ||
i9-11900 | 308 | 310 | ||
MbedTLS | i5-7500 | 84 | 88 | |
i5-10600 | 84 | 88 | ||
i9-11900 | 84 | 88 | ||
Libgcrypt | i5-7500 | 152 | 154 | |
i5-10600 | 152 | 153 | ||
i9-11900 | 149 | 150 | ||
LLC Miss Rate (%) | OpenSSL | i5-7500 | 20.98 | 20.58 |
i5-10600 | 15.95 | 14.01 | ||
i9-11900 | 23.01 | 22.72 | ||
MbedTLS | i5-7500 | 2.17 | 2.03 | |
i5-10600 | 1.47 | 1.23 | ||
i9-11900 | 2.58 | 2.87 | ||
Libgcrypt | i5-7500 | 1.33 | 0.97 | |
i5-10600 | 0.89 | 0.71 | ||
i9-11900 | 20.17 | 18.86 | ||
Branch Misprediction Rate (%) | OpenSSL | i5-7500 | 0.207 | 0.204 |
i5-10600 | 0.207 | 0.207 | ||
i9-11900 | 0.244 | 0.237 | ||
MbedTLS | i5-7500 | 0.288 | 0.274 | |
i5-10600 | 0.282 | 0.272 | ||
i9-11900 | 0.225 | 0.219 | ||
Libgcrypt | i5-7500 | 0.109 | 0.108 | |
i5-10600 | 0.108 | 0.108 | ||
i9-11900 | 0.115 | 0.107 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kim, J.; Jang, H.; Shin, Y. BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors. Electronics 2025, 14, 1758. https://doi.org/10.3390/electronics14091758
Kim J, Jang H, Shin Y. BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors. Electronics. 2025; 14(9):1758. https://doi.org/10.3390/electronics14091758
Chicago/Turabian StyleKim, Jihoon, Hyerean Jang, and Youngjoo Shin. 2025. "BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors" Electronics 14, no. 9: 1758. https://doi.org/10.3390/electronics14091758
APA StyleKim, J., Jang, H., & Shin, Y. (2025). BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors. Electronics, 14(9), 1758. https://doi.org/10.3390/electronics14091758