MicroCFI: Microarchitecture-Level Control-Flow Restrictions for Spectre Mitigation

IEEE Access (2023)

Abstract
The Spectre attack exploits a vulnerability in speculative execution, an optimization technique for modern superscalar processors. Among the attack variants, Spectre-BTB and Spectre-RSB are the most threatening because they allow adversaries to execute arbitrary code in the transient execution context. However, there are few mitigation techniques for these Spectre variants due to the high degree of implementation difficulty. In this paper, we propose MicroCFI, a hardware/software co-design approach to mitigate Spectre-BTB and Spectre-RSB. The main idea of MicroCFI is to enforce control-flow integrity (CFI) at the microarchitectural level of a program's execution. Specifically, MicroCFI strictly limits the possible forward and backward indirect branch targets predicted by the BTB and RSB by imposing CFI properties on all potential targets. As indirect branches can only reach valid targets that satisfy these properties, MicroCFI significantly reduces the chance of arbitrary code execution in Spectre attacks. We implemented a prototype of MicroCFI using an LLVM compiler and performed an evaluation on MARSSx86, a simulator for x86 microarchitectures. The security evaluation shows that MicroCFI reduces the number of available Spectre gadgets by more than 90%, significantly increasing the complexity of the attack. The performance evaluation using the SPEC CPU 2017 benchmarks shows that MicroCFI introduces negligible performance overhead.
Keywords
Spectre, control-flow integrity, microarchitectural attack