1 Introduction
Modern microprocessors enable hardware virtualization, by means of which multiple security-critical and ordinary processes temporally co-execute on the processor and share hardware resources such as caches, translation look-aside buffers (TLBs), on-chip networks, and even memory controllers. This hardware sharing results in timing variations in resource accesses due to interference, which an attacker process can exploit to infer secret data value(s) [1], [2], [3], [4]. To guarantee non-interference, various software- and hardware-based solutions have been proposed. At the software level, process-level isolation (e.g., Intel's SMAP and KASLR) is traditionally adopted across co-executing processes to guarantee memory isolation. However, it falls short, as hardware resources still remain shared across temporally executing processes [1]. On the other hand, hardware-based solutions broadly fall into two categories. The first category comprises non-enclave-based mitigation schemes, where secure and insecure processes temporally co-execute on the processor; the microarchitectural state is protected via scrambled (randomly mapped) address accesses [5], [6], or intrusive hardware extensions are introduced to mitigate unauthorized access to secure data [7], [8], [9]. The second category involves enclave-based architectural mechanisms [10], [11], [12], [13], [14], where secure processes execute in containers that are isolated at the hardware level from temporally executing ordinary processes. Given their continuing commercial integration and strong security guarantees, this paper primarily focuses on enclave-based secure processors.