1. 10

Abstract—This paper presents Half&Half, a novel software defense against branch-based side-channel attacks. Half&Half isolates the effects of different protection domains on the conditional branch predictors (CBPs) in modern Intel processors. This work presents the first exhaustive analysis of modern conditional branch prediction structures, and reveals for the first time an unknown opportunity to physically partition all CBP structures and completely prevent leakage between two domains using the shared predictor. Half&Half is a software-only solution to branch predictor isolation that requires no changes to the hardware or ISA, and only requires minor modifications to be supported in existing compilers. We implement Half&Half in the LLVM and WebAssembly compilers and show that it incurs an order of magnitude lower overhead compared to the current state-of-the-art branch-based side-channel defenses.

    1. 2

      It’s really impressive that the author reverse-engineered out the whole Intel CBP architecture through microbenchmarking. Really amazing work!