Systematizing speculative execution side channel vulnerabilities and their mitigations
Developing a deep understanding of speculative execution side channel vulnerabilities is crucial to evaluating their risk and the mitigation opportunities that exist. To build this understanding, Microsoft developed a taxonomy and framework to systematize this new vulnerability class. This taxonomy decomposes speculative execution side channel vulnerabilities into four components: the speculation primitive, which is used to enter speculative execution along a non-architectural path; the windowing gadget, which keeps the speculative window open long enough for the subsequent gadget to execute; the disclosure gadget, which conveys information through a side channel during speculation; and the disclosure primitive, which is used to observe the information communicated through the side channel. This framework provides a basis for defining a collection of techniques that can be used to mitigate speculative execution side channel vulnerabilities. To demonstrate this, the presentation describes the specific mitigations that Microsoft has developed, the relevance they have to various software security models, and the impact they have on this new vulnerability class.
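To make the four components concrete, the following added example (written for this page, not code from the presentation) annotates a classic bounds-check-bypass gadget with the taxonomy above and places the branchless index-masking mitigation beside it. The sample arrays, the `mem` layout that puts a secret directly after the indexed buffer, and the helper names `bounds_mask`, `victim_vulnerable` and `victim_hardened` are all constructed for illustration; the mapping of each line to a taxonomy component is the editor's reading of the text.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample memory: a bounded buffer followed immediately by a
   secret, so that an out-of-bounds index into array1 lands on the secret. */
#define ARRAY1_SIZE 16
static struct {
    uint8_t array1[ARRAY1_SIZE];
    uint8_t secret[8];
} mem = { { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }, "S3cret!" };

static size_t array1_size = ARRAY1_SIZE;   /* the value the bounds check reads */

/* Probe array: one cache line (512 bytes here, for illustration) per byte value. */
static uint8_t array2[256 * 512];

/* Fill each probe line with its own index so the architectural return value
   of the gadgets below shows which line the dependent load touched. */
void init_probe_array(void)
{
    for (size_t i = 0; i < 256; i++)
        array2[i * 512] = (uint8_t)i;
}

/* The vulnerable gadget, annotated with the taxonomy's four components. */
uint8_t victim_vulnerable(size_t x)
{
    /* Speculation primitive: the conditional branch.  If the predictor
       guesses "in bounds", the CPU runs the body along a non-architectural
       path before the comparison resolves. */
    if (x < array1_size) {
        /* Windowing gadget: if the attacker has evicted array1_size from the
           cache, the load feeding the comparison misses and the branch stays
           unresolved long enough for the body to execute speculatively. */

        /* Disclosure gadget: with x >= ARRAY1_SIZE the first load reads a
           secret byte (mem.secret), and the dependent load pulls the
           array2 line selected by that byte into the cache. */
        return array2[mem.array1[x] * 512];
    }
    return 0;
}
/* Disclosure primitive (attacker-side, not shown): after the call, time an
   access to each of the 256 array2 lines (flush+reload); the one line that
   hits reveals the secret byte. */

/* Branchless bounds mask: all ones when x < limit, zero otherwise.
   Assumes x and limit are both below SIZE_MAX / 2 so that the subtraction
   only wraps for in-range x (example assumption, stated here). */
size_t bounds_mask(size_t x, size_t limit)
{
    return (size_t)0 - ((x - limit) >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* The same gadget with the index clamped by data dependency rather than by
   the branch, so the speculative path can no longer read past array1. */
uint8_t victim_hardened(size_t x)
{
    if (x < array1_size) {
        x &= bounds_mask(x, array1_size);   /* out-of-range x becomes 0 */
        return array2[mem.array1[x] * 512];
    }
    return 0;
}

int main(void)
{
    init_probe_array();
    printf("in-bounds  : vulnerable=%u hardened=%u\n",
           victim_vulnerable(3), victim_hardened(3));
    printf("out-of-bounds index %zu masks to %zu\n",
           (size_t)ARRAY1_SIZE + 2, (size_t)(ARRAY1_SIZE + 2) & bounds_mask(ARRAY1_SIZE + 2, array1_size));
    return 0;
}
```

The architectural behaviour of both gadgets is identical; the mask only changes what can happen on the mispredicted path, which is why the mitigation has to be verified by inspecting the generated code rather than by functional tests alone. Index masking targets the disclosure gadget; Microsoft's other option for this pattern, a speculation barrier such as an `LFENCE` placed after the branch, targets the speculation primitive instead by preventing the body from executing until the comparison resolves. Both are mitigations of one instance of the pattern and leave the disclosure primitive itself untouched.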