Modern processors rely on various speculative mechanisms to meet performance demand. Branch predictors are one of the most important micro-architecture components to deliver performance. However, they have been under heavy scrutiny because of recent side-channel attacks. Branch predictors are indexed using the PC and recent branch histories. An adversary can manipulate these parameters to access and control the same branch predictor entry that a victim uses. Recent Spectre attacks exploit this to set up speculative-execution-based security attacks. In this article, we aim to mitigate branch predictor side-channels using two-level encryption. At the first level, we randomize the set-index by encrypting the PC using a per-context secret key. At the second level, we encrypt the data in each branch predictor entry. While periodic key changes make the branch predictor more secure, performance degradation can be significant. To alleviate performance degradation, we propose a practical set update mechanism that also considers parallelism in multi-banked branch predictors. We show that our mechanism exhibits only 1.0% and 0.2% performance degradation while changing keys every 10K and 50K cycles, respectively, which is much lower than other state-of-the-art approaches.

中文翻译：

---

使用两级加密保护分支预测器

现代处理器依靠各种推测机制来满足性能需求。分支预测器是提供性能的最重要的微架构组件之一。然而，由于最近的侧信道攻击，它们一直受到严格审查。使用 PC 和最近的分支历史记录分支预测器。攻击者可以操纵这些参数来访问和控制受害者使用的相同分支预测器条目。最近的 Spectre 攻击利用这一点来设置基于推测执行的安全攻击。在本文中，我们的目标是使用两级加密来减轻分支预测器侧信道。在第一级，我们通过使用每个上下文的密钥加密 PC 来随机化集合索引。在第二级，我们对每个分支预测器条目中的数据进行加密。虽然周期性的密钥更改使分支预测器更加安全，但性能下降可能很严重。为了减轻性能下降，我们提出了一种实用的集合更新机制，该机制还考虑了多银行分支预测器中的并行性。我们表明，我们的机制在每 10K 和 50K 周期分别更改密钥时仅表现出 1.0% 和 0.2% 的性能下降，这远低于其他最先进的方法。