Monocle: Transient Execution Proof Memory Views for Runtime Compiled Code
24 August 2025
Most managed runtime environments abandoned attempts to mitigate speculative execution attacks in-process in favor of using process isolation to confine attackers. Indeed, many code-generation based mitigations focused on specific variants of speculative execution vulnerabilities. This makes design-level defenses with clear guarantees, such as process isolation, a more attractive solution, despite the challenges that may arise while adopting a multi-process architecture. We present Monocle, a fundamental runtime code-generation approach that mitigates speculative execution attacks in-process. Monocle is based on software fault isolation (SFI) and can be validated at the machine code level to ensure all potential known Spectre gadgets are covered. Benchmarks show an overhead of only 20% over the baseline, on average, and an improvement of 4.3x when compared to using memory fences, a comprehensive baseline speculative execution barrier-based mitigation strategy.
Venue : 20th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2025)