TY - GEN
T1 - SpectreShield
T2 - 5th IEEE International Conference on Cyber Security and Resilience, CSR 2025
AU - Khan, Mahreen
AU - Mushtaq, Maria
AU - Pacalet, Renaud
AU - Apvrille, Ludovic
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025/1/1
Y1 - 2025/1/1
AB - Speculative execution attacks like Spectre exploit microarchitectural side effects to leak sensitive data during transient execution. While various software and hardware countermeasures have been proposed for x86 and ARM architectures, their effectiveness and microarchitectural impact remain underexplored on RISC-V platforms. To study such attacks and evaluate these countermeasures, simulation tools like the gem5 simulator provide detailed insights into microarchitectural state changes during speculation. In this paper, we present the first comprehensive evaluation of Spectre-v1 countermeasures on the RISC-V architecture using the gem5 full-system simulator. We implement and assess four Spectre-v1 mitigations: index masking (CM1), randomized offset (CM2), fence-based serialization (CM3), and bitwise selection (CM4). Our experiments reveal that, in the absence of mitigations, Spectre-v1 enables 100% secret key recovery. In contrast, all proposed countermeasures reduce the recovery rate to below 1%, with branch mispredictions decreasing by 41.7%-46.3%. The paper analyzes the security-performance trade-offs of each approach. Beyond demonstrating their effectiveness, we quantify their microarchitectural impact, measuring reductions in squashed instructions, DRAM latency variability, and return address stack mispredictions. This paper provides a practical framework for evaluating transient execution defenses and advances secure-by-design RISC-V processors.
KW - Microarchitectural side-channels
KW - RISC-V
KW - Spectre
KW - attacks
KW - countermeasures
KW - gem5
KW - security
UR - https://www.scopus.com/pages/publications/105016157523
U2 - 10.1109/CSR64739.2025.11130017
DO - 10.1109/CSR64739.2025.11130017
M3 - Conference contribution
AN - SCOPUS:105016157523
T3 - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
SP - 1008
EP - 1015
BT - Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 August 2025 through 6 August 2025
ER -