Survey of Transient Execution Attacks (2005.13435v2)

Abstract: Transient execution attacks, also called speculative execution attacks, have drawn much interest as they exploit the transient execution of instructions, e.g., during branch prediction, to leak data. Transient execution is fundamental to modern computer architectures, yet poses a security risk as has been demonstrated. Since the first disclosure of Spectre and Meltdown attacks in January 2018, a number of new attack types or variants of the attacks have been presented. These attacks have motivated computer architects to rethink the design of processors and propose hardware defenses. This paper summarizes the components and the phases of the transient execution attacks. Each of the components is further discussed and categorized. A set of metrics is proposed for each component to evaluate the feasibility of an attack. Moreover, the data that can be leaked in the attacks are summarized. Further, the existing attacks are compared, and the limitations of these attacks are discussed based on the proposed metrics. In the end, existing mitigations at the micro-architecture level from literature are discussed.