Loading [MathJax]/extensions/MathMenu.js
IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications | IEEE Conference Publication | IEEE Xplore

IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications


Abstract:

Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary proc...Show More

Abstract:

Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary processes interact with each other to assure application progress. However, temporal sharing of hardware resources exposes the processor to various microarchitecture state attacks. State-of-the-art secure processors, such as MI6 adopt Intel's SGX enclave execution model. MI6 architects strong isolation by statically isolating shared memory state, and purging the microarchitecture state of private core, cache, and TLB resources on every enclave entry and exit. The purging overhead significantly impacts performance as the interactivity across the secure and insecure processes increases. This paper proposes IRONHIDE that implements strong isolation in the context of multicores to form spatially isolated secure and insecure clusters of cores. For an interactive application comprising of secure and insecure processes, IRONHIDE pins the secure process(es) to the secure cluster, where they execute and interact with the insecure process(es) without incurring the microarchitecture state purging overheads on every interaction event. IRONHIDE improves performance by 2.1x over the MI6 baseline for a set of user and OS interactive applications. Moreover, IRONHIDE improves performance by 20% over an SGX-like baseline, while also ensuring strong isolation guarantees against microarchitecture state attacks.
Date of Conference: 22-26 February 2020
Date Added to IEEE Xplore: 16 April 2020
ISBN Information:

ISSN Information:

Conference Location: San Diego, CA, USA

I. Introduction

Modern microprocessors enable aggressive hardware virtualization that allows multiple processes to co-locate and temporally execute on the system. These security-critical and ordinary processes interact over their execution for an application to progress. However, these processes suffer from interference channels due to the temporal sharing of processor hardware resources, such as caches, translation look-aside buffers, on-chip networks, and even memory controllers. The execution footprint of processes leaves microarchitecture state vulnerable in these shared hardware resources by means of which an attacker process can infer secret data value(s). Thus, it is imperative to ensure non-interference for guaranteeing robust security across secure and insecure processes. To enable noninterference, various software and hardware based solutions have been proposed in literature. At the software level, process-level isolation (e.g., Intel’s SMAP and KASLR) is traditionally adopted across co-executing processes to guarantee memory isolation. However, it falls short in providing processor security as the hardware resources still remain shared across temporally executing processes [1].

References

References is not available for this document.