Spectre攻击对物联网设备造成严重的安全威胁，亟需有效的防御手段。然而，一方面现有打补丁式的防御措施难以对Spectre攻击及其变种进行全面防御，并且通常对系统及CPU性能影响很大；另一方面，改进或设计新CPU架构的防御方法对现有设备无能为力。为解决上述难题，本课题拟开展抗Spectre攻击的软硬协同系统级防御技术研究，为基于全可编程SoC的物联网设备提供解决方案。其主要研究内容包括：全可编程SoC系统级防御安全架构的构建，针对Spectre攻击的软硬协同防御方法的设计，以及软硬协同防御系统的实现。课题的实施不仅可以为现有设备提供解决方案，而且也能够为全可编程SoC安全设计技术改进奠定先进的技术基础。

Spectre attacks pose a serious security threat to IoT devices, thus IoT devices need effective defense mechanisms. However, there are problems to be solved in existing countermeasures. On the one hand, patches countermeasures are difficult to fully defend against Spectre attacks and many variants, and often have a significant impact on system and CPU performance. On the other hand, the countermeasures based on improving or designing a new CPU architecture are powerless for existing devices. In order to solve these problems, our research will focus on system level countermeasure based on orchestration of hardware and software against Spectre attacks, and provide solutions for IoT devices based on all programmable SoC. Our research include the construction of the system level defense security architecture on all programmable SoC, the design of the defense method based on the orchestration of hardware and software orchestrate for Spectre attacks, and the realization of the hardware and software orchestrating defense system. Our research can not only provide solutions for existing IoT devices, but also can lay an advanced technical foundation for the improvement of all programmable SOC security design.