Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution
Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, Dean Tullsen
IEEE Symposium on Security and Privacy (IEEE S&P), May 2023.


This paper presents Half&Half, a novel software defense against branch-based side-channel attacks. Half&Half isolates the effects of different protection domains on the conditional branch predictors (CBPs) in modern Intel processors. This work presents the first exhaustive analysis of modern conditional branch prediction structures and reveals, for the first time, a previously unknown opportunity to physically partition all CBP structures and completely prevent leakage between two domains that use the shared predictor. Half&Half is a software-only solution to branch predictor isolation that requires no changes to the hardware or ISA and needs only minor modifications to existing compilers. We implement Half&Half in the LLVM and WebAssembly compilers and show that it incurs an order of magnitude lower overhead than the current state-of-the-art branch-based side-channel defenses.

[1] Half&Half – Intel Processor’s Hidden Security Feature Stop Attack Against Spectre Like Vulnerabilities (Cyber Security News)

[2] Half & Half: Intel’s Hidden Security Feature Stops Spectre-like Attacks (The Architect Coach)

[3] Surprise: A Small Change Leads to Big Results for Computer Security (UC San Diego Today)

[4] UCSD and Purdue Researchers Uncover Intel Processors’ Hidden Capabilities to Increase Security and Ward off Spectre Attacks (HPCwire)


[6] The microarchitecture of Intel, AMD, and VIA CPUs (Agner Fog)

[7] Cyber Security News - June 2nd Week (QUALYSEC Beyond Cyber Security)

[8] HT without sharing the branch predictor (Real World Technologies)

[9] Intel Branch Predictors reverse engineered (Motley Fool Community)
