
IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks

by Hamza Omar, et al.

Modern microprocessors enable aggressive hardware virtualization that exposes the microarchitecture state of the processor because hardware resources are shared temporally. This paper proposes a novel secure multicore architecture, IRONHIDE, that aims to mitigate both speculative and non-speculative microarchitecture state vulnerabilities. It introduces a novel spatial allocation of hardware resources across two concurrent domains, a secure and an insecure application domain (referred to as clusters of cores). IRONHIDE enforces strong isolation by disallowing the sharing of any hardware structure across cluster boundaries, which mitigates microarchitecture state attacks. To tackle speculative microarchitecture state vulnerabilities, this work introduces the insight that all speculative microarchitecture state exploits rely on a victim application accessing the secure cluster's memory regions. IRONHIDE therefore incorporates a lightweight hardware check that detects such accesses and stalls them until they resolve, mitigating potential speculative microarchitecture state attacks. Lastly, IRONHIDE enables dynamic hardware isolation by reallocating core-level resources across clusters to exploit multicore parallelism, while ensuring strong isolation for the dynamically allocated resources.
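The abstract describes three mechanisms: spatial allocation of cores and memory into a secure and an insecure cluster, a check that stalls speculative accesses to secure-cluster memory until they resolve, and dynamic reallocation of cores between clusters without leaking state. The following Python model is an added illustration written for this page; it is not IRONHIDE's hardware, simulator or code, and the exact policy it encodes (every speculative access to secure memory is stalled, a resolved access is permitted only within the issuing core's own cluster, a moved core has its private state scrubbed) is an assumption about how such a check behaves, not the paper's stated rules. The four-core layout, address ranges and access sequence are constructed sample inputs.

```python
"""Toy model of cluster isolation plus a stall-until-resolved check on
speculative accesses to secure memory.  Added illustration for this page;
the policy details are assumptions, not IRONHIDE's actual rules."""
from dataclasses import dataclass, field
from enum import Enum


class Domain(Enum):
    SECURE = "secure"
    INSECURE = "insecure"


class Verdict(Enum):
    PROCEED = "proceed"   # access performed; microarchitectural state may change
    STALL = "stall"       # held back until the load is no longer speculative
    FAULT = "fault"       # resolved access that crosses a cluster boundary


@dataclass
class Cluster:
    domain: Domain
    cores: set            # core ids spatially allocated to this cluster
    mem_regions: list     # [(start, end)] half-open physical address ranges

    def owns(self, addr):
        return any(lo <= addr < hi for lo, hi in self.mem_regions)


@dataclass
class Machine:
    clusters: dict                                   # Domain -> Cluster
    # Per-core private state (cache lines filled) stands in for the
    # microarchitectural structures that must not leak across clusters.
    core_state: dict = field(default_factory=dict)   # core -> set of line ids
    pending: list = field(default_factory=list)      # stalled speculative loads

    def cluster_of_core(self, core):
        for c in self.clusters.values():
            if core in c.cores:
                return c
        raise KeyError(f"core {core} is not allocated to any cluster")

    def check_access(self, core, addr, speculative):
        """Assumed policy: a speculative access targeting secure-cluster memory
        is stalled; a resolved access proceeds only inside the issuing core's
        own cluster and faults if it crosses the cluster boundary."""
        src = self.cluster_of_core(core)
        owner = next((c for c in self.clusters.values() if c.owns(addr)), None)
        if owner is None:
            return Verdict.FAULT
        if speculative and owner.domain is Domain.SECURE:
            return Verdict.STALL
        return Verdict.PROCEED if owner is src else Verdict.FAULT

    def load(self, core, addr, speculative=False):
        v = self.check_access(core, addr, speculative)
        if v is Verdict.PROCEED:
            # Only a permitted access leaves a trace in core-private state.
            self.core_state.setdefault(core, set()).add(addr // 64)
        elif v is Verdict.STALL:
            self.pending.append((core, addr))
        return v

    def resolve(self, core, addr, squashed):
        """Speculation resolved: a squashed load leaves no trace at all; a
        committed load is re-checked as non-speculative and performed or faulted."""
        self.pending.remove((core, addr))
        if squashed:
            return None
        return self.load(core, addr, speculative=False)

    def reallocate_core(self, core, to_domain):
        """Dynamic isolation: move a core to another cluster, scrubbing its
        private state so nothing from the old cluster survives the move."""
        self.cluster_of_core(core).cores.discard(core)
        self.core_state.pop(core, None)
        self.clusters[to_domain].cores.add(core)


def build_machine():
    """Constructed example: two cores per cluster, disjoint memory regions."""
    return Machine(clusters={
        Domain.SECURE: Cluster(Domain.SECURE, {0, 1}, [(0x0000, 0x8000)]),
        Domain.INSECURE: Cluster(Domain.INSECURE, {2, 3}, [(0x8000, 0x10000)]),
    })


def demo():
    """Constructed access sequence exercising each branch of the check."""
    m = build_machine()
    r = {}
    r["secure_core_own_mem"] = m.load(0, 0x1000)                       # PROCEED
    r["secure_spec_own_mem"] = m.load(0, 0x2000, speculative=True)     # STALL
    r["secure_spec_committed"] = m.resolve(0, 0x2000, squashed=False)  # PROCEED
    r["insecure_spec_to_secure"] = m.load(2, 0x1040, speculative=True) # STALL
    r["insecure_core_own_mem"] = m.load(2, 0x9000)                     # PROCEED
    r["after_squash"] = m.resolve(2, 0x1040, squashed=True)            # None
    r["insecure_resolved_to_secure"] = m.load(2, 0x1080)               # FAULT
    r["core2_lines_before_move"] = set(m.core_state.get(2, set()))
    m.reallocate_core(2, Domain.SECURE)
    r["core2_lines_after_move"] = m.core_state.get(2, set())
    return m, r


if __name__ == "__main__":
    _, results = demo()
    for k, v in results.items():
        print(f"{k:30} {v}")
```

The point the model makes concrete is that a speculative access to secure memory changes no core-private state while it is pending: if the speculation is squashed, nothing was filled, and if it commits, the access is subjected to the ordinary cluster check, where a cross-cluster access faults. Reallocating a core drops its private state, so state accumulated under the old cluster does not carry over.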



