Bibliographic Details
Main Authors: Wistoff, Nils; Schneider, Moritz; Gürkaynak, Frank K.; Heiser, Gernot; Benini, Luca
Format: Preprint
Published: 2022
Online Access: https://arxiv.org/abs/2202.12029
Abstract: Microarchitectural timing channels enable unwanted information flow across security boundaries, violating fundamental security assumptions. They leverage timing variations of several state-holding microarchitectural components and have been demonstrated across instruction set architectures and hardware implementations. Analogously to memory protection, Ge et al. have proposed time protection for preventing information leakage via timing channels. They also showed that time protection calls for hardware support. This work leverages the open and extensible RISC-V instruction set architecture (ISA) to introduce the temporal fence instruction fence.t, which provides the required mechanisms by clearing vulnerable microarchitectural state and guaranteeing a history-independent context-switch latency. We propose and discuss three different implementations of fence.t and implement them on an experimental version of the seL4 microkernel and CVA6, an open-source, in-order, application class, 64-bit RISC-V core. We find that a complete, systematic, ISA-supported erasure of all non-architectural core components is the most effective implementation while featuring a low implementation effort, a minimal performance overhead of less than 1%, and negligible hardware costs.
Title: Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning
Subjects: Cryptography and Security; Hardware Architecture