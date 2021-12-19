Modern microprocessors rely on branch prediction and speculative execution to achieve a high speed of high levels of instruction supply. Instead of issuing stalls and waiting for the branch target to be resolved, the CPU consults branch predictors for a possible destination and performs speculative execution. These microarchitecture design techniques can improve the utilization of instruction pipelines and out-of-order execution. However, the security implications of mispredictions and speculations have not drawn attention until recently. In early 2018, Spectre attacks negated the confidentiality and isolations in both software and hardware levels. This vulnerability stems from the side effects of the aforementioned performance enhancements. Namely, by manipulating branch predictors for an incorrect prediction, speculative execution can bypass bound checks or take place on arbitrary memory space. As a result, exploits can access the victim's secret during speculative execution and then exfiltrate the information over various microarchitectural covert channels.

