BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors

The emerging threat of side-channel attacks targeting branch predictors on recent Intel processors has become a growing concern. These attacks rely on exploiting a pattern history table (PHT) as a source of side-channel information. Since the PHT is shared among logical cores, attackers can observe a state in the PHT entry that collides with the victim, enabling them to leak the control flow information of a victim process. Any state changes caused by the victim will reveal whether the victim’s target branch has been taken or not. In this paper, we present BranchCloak, a novel software-based mitigation technique for PHT-based side-channel attacks. The main idea of BranchCloak is to obfuscate the PHT state by augmenting the victim’s program with some r-branches near the target branch. The r-branch is a conditional branch instruction that has the following properties: (1) it collides with the target branch in the PHT, and (2) its branching decision is made uniformly at random. BranchCloak can successfully mitigate the attack without hardware modification of the vulnerable processors. By performing extensive experiments with practical applications, we show that the performance overhead of BranchCloak is negligible.