OPTIMUS: A Security-Centric Dynamic Hardware Partitioning Scheme for Processors that Prevent Microarchitecture State Attacks


Abstract:

Hardware virtualization allows multiple security-critical and ordinary (insecure) processes to co-execute on a processor. These processes temporally share hardware resources and are exposed to numerous security threats on the microarchitecture state. State-of-the-art secure processor architectures, such as MI6 and IRONHIDE, provide the capability to execute security-critical processes in hardware-isolated enclaves built on the strong isolation security primitive. The MI6 processor purges small state resources on each enclave entry/exit and statically partitions the last-level cache and DRAM regions to ensure strong isolation. IRONHIDE takes a spatial approach and creates two isolated clusters of cores in a multicore processor to ensure strong isolation for processes executing in the enclave cluster. Both architectures suffer performance degradation due to static partitioning of shared hardware resources. OPTIMUS proposes a security-centric dynamic hardware resource partitioning scheme that operates entirely at runtime and ensures strong isolation. It enables deterministic resource allocations at application-level granularity, and limits the number of hardware reconfigurations to ensure bounded information leakage via the timing and termination channels. The dynamic hardware resource partitioning capability of OPTIMUS is shown to co-optimize performance and security for the MI6 and IRONHIDE architectures.
Published in: IEEE Transactions on Computers (Volume: 69, Issue: 11, 01 November 2020)
Page(s): 1558 - 1570
Date of Publication: 20 May 2020


1 Introduction

Modern microprocessors enable hardware virtualization, by means of which multiple security-critical and ordinary processes temporally co-execute on the processor and share hardware resources such as caches, translation look-aside buffers (TLBs), on-chip networks, and even memory controllers. This hardware sharing produces timing variations in accesses, caused by interference, that an attacker process can exploit to infer secret data values [1], [2], [3], [4]. To guarantee non-interference, various software- and hardware-based solutions have been proposed. At the software level, process-level isolation (e.g., Intel's SMAP and KASLR) is traditionally adopted across co-executing processes to guarantee memory isolation. However, it falls short because hardware resources still remain shared across temporally executing processes [1]. Hardware-based solutions, on the other hand, broadly fall into two categories. The first category comprises non-enclave-based mitigation schemes, where secure and insecure processes temporally co-execute on the processor; the microarchitecture state is protected via scrambled (randomly mapped) address accesses [5], [6], or intrusive hardware extensions are introduced to mitigate unauthorized access to secure data [7], [8], [9]. The second category involves enclave-based architectural mechanisms [10], [11], [12], [13], [14], where secure processes execute in containers that are isolated at the hardware level from temporally executing ordinary processes. Given their continuing commercial integration and strong security guarantees, this paper primarily focuses on enclave-based secure processors.
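As an added illustration (not code from the paper) of the trade-off the abstract describes: a static split never changes, so it exposes no reconfiguration events to time, but it wastes capacity when demand shifts, while a demand-driven split recovers that capacity at the cost of observable reconfiguration events, which is why capping their number bounds the leakage. The cache size, demand trace and utility metric are constructed assumptions, and the leakage figure is a plain counting bound on the partition trace, not the paper's own analysis.

```python
import math

# Constructed example (not from the paper): a 16-way last-level cache shared by an
# enclave domain and an ordinary domain, partitioned only at epoch boundaries.
WAYS = 16
MIN_WAYS = 1  # assumption: each domain always keeps at least one way

# Constructed demand trace: (enclave ways wanted, ordinary ways wanted) per epoch.
TRACE = [(2, 14), (2, 14), (12, 4), (12, 4), (2, 14), (2, 14), (12, 4), (12, 4)]

def utility(alloc_enclave, demand_enclave, demand_ordinary):
    """Ways that actually serve demand in one epoch: a crude stand-in for cache
    capacity that is neither idle nor thrashing."""
    return min(alloc_enclave, demand_enclave) + min(WAYS - alloc_enclave, demand_ordinary)

def static_partition(trace, enclave_ways):
    """MI6-style static split: the enclave holds enclave_ways in every epoch, so the
    observable partition never changes (no reconfiguration channel at all)."""
    total = sum(utility(enclave_ways, de, do) for de, do in trace)
    return {"utility": total, "reconfigurations": 0}

def dynamic_partition(trace, budget):
    """Demand-driven repartitioning with a hard cap of `budget` reconfigurations,
    the OPTIMUS-style trade: each reconfiguration recovers utility but is also an
    event an observer can time, so the cap is what keeps leakage bounded."""
    alloc, reconfs, total = WAYS // 2, 0, 0
    for de, do in trace:
        wanted = max(MIN_WAYS, min(WAYS - MIN_WAYS, de))
        if wanted != alloc and reconfs < budget:
            alloc, reconfs = wanted, reconfs + 1
        total += utility(alloc, de, do)
    return {"utility": total, "reconfigurations": reconfs}

def leakage_bound_bits(epochs, reconfigurations):
    """Counting bound on what the partition trace alone can reveal: an observer sees
    at most `reconfigurations` events, each at one of `epochs` boundaries and each
    selecting one of m enclave sizes, so at most C(epochs, k) * m**k distinct traces."""
    if reconfigurations == 0:
        return 0.0
    m = WAYS - 2 * MIN_WAYS + 1  # enclave sizes MIN_WAYS .. WAYS - MIN_WAYS
    outcomes = math.comb(epochs, reconfigurations) * m ** reconfigurations
    return math.log2(outcomes)

if __name__ == "__main__":
    print("static 8/8 :", static_partition(TRACE, 8))
    for budget in (0, 2, 4):
        r = dynamic_partition(TRACE, budget)
        print(f"dynamic k<={budget}:", r, f"leak <= {leakage_bound_bits(len(TRACE), r['reconfigurations']):.1f} bits")
```

With budget 0 the dynamic scheme degenerates to the static split (same utility, no observable events); raising the budget raises both utility and the bits an observer could in principle learn from the trace.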
