Hardware software co-designs for microarchitectural security

Microarchitectural optimizations, such as caches and speculative out-of-order execution, are essential for achieving high system performance. However, these mechanisms also open the door to attacks that can undermine software-enforced security policies. The current gold standard for defending against such attacks is the constant-time programming discipline, which prohibits secret-dependent control flow and memory accesses. While constant-time programming is widely used to secure cryptographic implementations against microarchitectural attacks, it fails to provide protection against certain classes of attacks, such as Spectre. This talk will introduce the threats posed by recent microarchitectural side-channel attacks and present recent mitigation strategies based on hardware-software co-design. It will also discuss how to formalize security at the hardware-software interface in order to provably achieve end-to-end security against microarchitectural attacks.