🤖 AI Summary
Spectre-class speculative execution attacks exploit cache-state side channels to leak sensitive information. To address this, this work proposes Cache-Aware Speculative Flushing (CASF): upon pipeline misprediction squashing, CASF immediately issues a cancellation signal to the memory hierarchy, preemptively blocking all in-flight mis-speculated memory accesses from modifying cache state—thereby eliminating the fundamental conditions enabling cache-based side-channel leakage. CASF is implemented via lightweight extensions to cache coherence protocols and tight co-design between the speculative pipeline and cache controller, requiring no access-response latency and thus preserving performance. Evaluated on gem5, CASF completely mitigates representative Spectre-v1 and Spectre-v4 attacks with only 0.47% average performance overhead—substantially outperforming existing microarchitectural defenses. Its core innovation lies in the first deep coupling of squash events with cache-update interception, achieving low-overhead, high-robustness hardening of speculative execution.
📝 Abstract
Speculation is key to achieving high CPU performance, yet it enables risks like Spectre attacks, which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three stages: access, transmit, and receive. In the common case they exploit a cache timing side channel during the transmit and receive phases: speculatively accessing sensitive data (access), altering cache state (transmit), and then using a cache timing attack (e.g., Flush+Reload) to extract the secret (receive). Our key observation is that Spectre attacks only require the transmit instruction to execute and dispatch a request to the cache hierarchy. The transmit instruction need not complete before a misprediction is detected (and mis-speculated instructions squashed), because responses from memory that arrive at the cache after squashing still alter cache state. We propose a novel mitigation, CacheSquash, that cancels mis-speculated memory accesses. Immediately upon squashing, a cancellation is sent to the cache hierarchy, propagating downstream and preventing any changes to caches that have not yet received a response. This minimizes cache state changes, thereby reducing the likelihood of Spectre attacks succeeding. We implement CacheSquash on gem5 and show that it thwarts practical Spectre attacks, with near-zero performance overheads.
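The timing argument above (a squash can arrive before the memory response, so cancelling the in-flight miss prevents the fill) is easy to check in a toy model. The following Python is an added illustration, not the paper's gem5 implementation: it models a two-level hierarchy with MSHR-like pending entries, a squash that propagates a cancellation down both levels, and a response that arrives afterwards. The `probe` address, request id and the 0x2A secret byte are constructed values. The `late_cancel` case shows the residual state the abstract's "minimizes" allows for: if data already reached L2 before the cancellation, L2 keeps the line while L1 does not.

```python
# Constructed toy model of a two-level cache hierarchy; not gem5 or the paper's code.
class CacheLevel:
    def __init__(self):
        self.lines = set()   # resident cache-line addresses
        self.pending = {}    # req_id -> {"addr": int, "cancelled": bool} (MSHR-like)

    def request(self, req_id, addr):
        """Return True on a hit; on a miss allocate a pending entry and return False."""
        if addr in self.lines:
            return True
        self.pending[req_id] = {"addr": addr, "cancelled": False}
        return False

    def cancel(self, req_id):
        """Mark an in-flight miss as squashed so its data is never installed."""
        if req_id in self.pending:
            self.pending[req_id]["cancelled"] = True

    def fill(self, req_id):
        """Data returns for req_id: install the line only if it was not cancelled."""
        entry = self.pending.pop(req_id, None)
        if entry is not None and not entry["cancelled"]:
            self.lines.add(entry["addr"])

def issue_load(levels, req_id, addr):
    """Walk the hierarchy top-down; each miss forwards the request one level down."""
    for level in levels:
        if level.request(req_id, addr):
            return

def squash(levels, req_id):  # CacheSquash step: cancellation propagates downstream
    for level in levels:
        level.cancel(req_id)

def memory_response(levels, req_id):  # response travels back up from memory
    for level in reversed(levels):
        level.fill(req_id)

def transmit_scenario(cache_squash, late_cancel=False):
    """Return (line in L1?, line in L2?) for a mis-speculated 'transmit' load."""
    levels = [CacheLevel(), CacheLevel()]          # [L1, L2]
    probe = 0x1000 + 0x2A * 64        # constructed: probe base + secret byte * line size
    issue_load(levels, "ld-transmit", probe)       # dispatched before the branch resolves
    if late_cancel:
        levels[1].fill("ld-transmit")              # data reached L2 before the cancellation
    if cache_squash:
        squash(levels, "ld-transmit")              # misprediction detected: squash + cancel
    memory_response(levels, "ld-transmit")         # response arrives after the squash
    return (probe in levels[0].lines, probe in levels[1].lines)
```

Without cancellation the late response still fills both levels, which is exactly the state a Flush+Reload receiver would test for; with cancellation neither level changes.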