Hardware-software co-designs for microarchitectural security

Microarchitectural optimizations, such as caches and speculative out-of-order execution, are essential for achieving high performance. However, these same mechanisms also open the door to attacks that can undermine software-enforced security policies. The current gold standard for defending against such attacks is the constant-time programming discipline, which prohibits secret-dependent control flow and memory accesses. While constant-time programming is widely used to secure cryptographic implementations against microarchitectural attacks, it has critical limitations. From a security perspective, it depends on assumptions about the underlying hardware and fails to provide protection against certain classes of attacks, such as Spectre.  From a performance perspective, it incurs additional overheads, for example due to control-flow linearization. In this presentation, I will introduce recent hardware-software co-design approaches that mitigate the shortcomings of constant-time programming, moving toward more efficient and robust defenses. I will also discuss some remaining challenges to achieve provable, end-to-end security guarantees.