New Type of CPU Memory Dubbed ‘SAPM memory’ Protects Against Speculative Side-channel Attacks

  • Intel’s STORM (STrategic Offensive Research & Mitigations) team designed SAPM memory to mitigate speculative execution side-channel attacks that leak secrets from cache/memory.
  • SAPM gives software the flexibility to store only its sensitive data in dedicated memory regions, protecting that data from speculative side-channel attacks.

What’s new?

Researchers from Intel have detailed a new type of computer memory dubbed ‘Speculative-Access Protected Memory’ (SAPM) that protects against speculative execution side-channel attacks, such as Meltdown, Spectre, L1TF, SGXSpectre, SWAPGSAttack, Zombieload, MDS, and others.

About SAPM Memory

Intel’s STORM (STrategic Offensive Research & Mitigations) team designed SAPM memory to mitigate speculative execution side-channel attacks that leak secrets from cache/memory.

  • The researchers noted that SAPM is an alternative to the current hardware- and software-level mitigations.
  • This memory type implements protection at the hardware level and works with both physical and virtual memory addresses.
  • SAPM gives software the flexibility to store only its sensitive data in dedicated memory regions, protecting that data from speculative side-channel attacks.

“SAPM can be applied to specific memory ranges, with the attribute that any memory access to such memory type will be instruction-level serialized, meaning that any speculative execution beyond the SAPM-accessing instruction will be stopped pending the successful retirement of this SAPM-accessing instruction,” researchers explained in the research paper.

Implementation

There are various ways to implement SAPM, and they are architecture- and micro-architecture-specific. For example, in modern processors with pipelined, out-of-order (OOO) execution, instructions are fetched in order, executed out of order, and retired in order, which is when they take effect architecturally.

  • Add logic after instruction decoding and before memory access to check whether the target data address of a memory-accessing instruction points to a SAPM region.
  • If the data address of the memory-accessing instruction is inside a SAPM region, immediately clear the pipeline.
  • Then re-fetch instructions only up to the SAPM-accessing instruction, with any further fetch depending on the successful retirement of the SAPM-accessing instruction.

Thus, speculative execution beyond the SAPM-accessing instruction cannot happen until that instruction has successfully retired, which prevents speculative execution side-channel attacks that leak secrets from memory.
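The three steps above can be traced with a toy pipeline model. This is an added example, not code from Intel or the research paper; the instruction names, addresses, window size and the `Insn`, `in_sapm`, `speculate` and `run` helpers are all constructed for illustration, and the model stops at the first squash instead of resuming on the correct path.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Insn:
    name: str
    addr: Optional[int] = None  # data address, for memory-accessing instructions
    event: str = ""             # "fault" or "mispredict", detected at retirement

def in_sapm(addr, sapm_ranges):
    """The added check between decode and memory access: does addr hit a SAPM region?"""
    return addr is not None and any(lo <= addr < hi for lo, hi in sapm_ranges)

def speculate(program, start, window, sapm_ranges):
    """Instructions executed ahead of retirement, starting at index `start`."""
    ahead = []
    for insn in program[start:start + window]:
        ahead.append(insn)
        if in_sapm(insn.addr, sapm_ranges):
            break  # fetch stops here until this SAPM access retires
    return ahead

def run(program, sapm_ranges, window=4):
    """Return (retired, transient) instruction names for an in-order retirement stream."""
    retired, transient = [], []
    for pc, insn in enumerate(program):
        # A SAPM access is serialized: nothing younger runs before it retires.
        if in_sapm(insn.addr, sapm_ranges):
            ahead = []
        else:
            ahead = speculate(program, pc + 1, window, sapm_ranges)
        if insn.event:
            # Younger work is squashed architecturally, but it did execute.
            transient = [i.name for i in ahead]
            if insn.event == "mispredict":
                retired.append(insn.name)  # the branch itself retires
            break
        retired.append(insn.name)
    return retired, transient

# Constructed sample programs; addresses and names are made up for the model.
SAPM = [(0x9000, 0xA000)]
FAULTING_LOAD = [Insn("load_secret", 0x9000, "fault"), Insn("shift"), Insn("probe_load", 0x20000)]
MISPREDICTED = [Insn("bounds_branch", None, "mispredict"), Insn("load_secret", 0x9000), Insn("probe_load", 0x20000)]

if __name__ == "__main__":
    for label, prog in (("faulting load", FAULTING_LOAD), ("mispredicted branch", MISPREDICTED)):
        print(label, "no SAPM:", run(prog, [])[1], "| SAPM:", run(prog, SAPM)[1])
```

In both constructed programs the secret-dependent `probe_load` appears in the transient list only when the secret's address is outside a SAPM range.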

Cyware Publisher
