SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks

Bowen Tang, Chenggang Wu, Zhe Wang, Lichen Jia, Pen Chung Yew, Yueqiang Cheng, Yinqian Zhang, Chenxi Wang, Guoqing Harry Xu

Research output: Contribution to journalArticlepeer-review

1 Scopus citations


Speculative execution techniques have been a cornerstone of modern processors to improve instruction-level parallelism. However, recent studies showed that this kind of techniques could be exploited by attackers to leak secret data via transient execution attacks, such as Spectre. Many defenses are proposed to address this problem, but they all face various challenges: (1) Tracking data flow in the instruction pipeline could comprehensively address this problem, but it could cause pipeline stalls and incur high performance overhead; (2) Making side effect of speculative execution imperceptible to attackers, but it often needs additional storage components and complicated data movement operations. In this article, we propose a label-based transparent speculation scheme called SpecBox. It dynamically partitions the cache system to isolate speculative data and non-speculative data, which can prevent transient execution from being observed by subsequent execution. Moreover, it uses thread ownership semaphores to prevent speculative data from being accessed across cores. In addition, SpecBoxalso enhances the auxiliary components in the cache system against transient execution attacks, such as hardware prefetcher. Our security analysis shows that SpecBoxis secure and the performance evaluation shows that the performance overhead on SPEC CPU 2006 and PARSEC-3.0 benchmarks is small.

Original languageEnglish (US)
Pages (from-to)827-840
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Issue number1
StatePublished - Jan 1 2023

Bibliographical note

Publisher Copyright:


  • Transient execution attack
  • cache partition
  • shared cache access control


Dive into the research topics of 'SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks'. Together they form a unique fingerprint.

Cite this