DEFENDING AGAINST SPECULATIVE EXECUTION EXPLOITS

摘要

Embodiments protect a computer application from being exploited by an attacker, while the application code is executed by a speculative execution engine having vulnerabilities. Embodiments are directed to systems that, prior to execution of the application by a speculative execution engine, locate a sequence of instructions of the application in which the speculative execution engine executes the instructions out of sequence. For example, the sequence of instructions may be an "if-then" code block. The systems determine a disposition that forces the speculative execution engine to execute the instructions in sequence. For example, the disposition may be adding a fence instruction to the sequence of instructions. During execution of the application code by the speculative execution engine, the systems change the sequence of instructions based on the disposition. The systems execute the changed sequence of instructions in place of the located sequence of instructions to prevent an attack on the application.