Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This article proposes speculative taint tracking (STT), a high-security and high-performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the article is a new abstraction to help identify all covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme and prove security in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.

中文翻译：

---

推测性污点跟踪 (STT)：对推测性访问数据的全面保护

推测执行攻击带来了巨大的安全威胁，能够在恶意推测下读取任意程序数据，然后通过微架构隐蔽通道泄露该数据。本文提出了推测性污点跟踪 (STT)，这是一种高安全性和高性能的硬件机制来阻止这些攻击。主要思想是执行和选择性转发读取机密的推测指令的结果是安全的，只要我们能证明转发的结果没有到达潜在的隐蔽通道。文章的技术核心是一种新的抽象，可以帮助识别所有隐蔽通道，以及一种可以快速识别隐蔽通道何时不再构成威胁的架构。我们进一步对该方案进行了详细的正式分析，并在配套文件中证明了安全性。