DeepAI AI Chat
Log In Sign Up

IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications

by   Hamza Omar, et al.

Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary processes interact with each other to assure application progress. However, temporal sharing of hardware resources exposes the processor to various microarchitecture state attack vectors. State-of-the-art secure processor, such as MI6 adopts Intel's SGX enclave execution model. MI6 architects strong isolation against these vulnerabilities by isolating large memory components, and purging the microarchitecture state of private state resources on every enclave entry/exit. The purging overhead significantly impacts performance as the interactivity across the secure and insecure processes increases. This paper proposes IRONHIDE that extends the MI6 architecture in the context of multicores to form spatially isolated secure and insecure clusters of cores. For a given secure-insecure process tuple of an interactive application, IRONHIDE pins the secure process to the secure cluster, and it executes and interacts with the insecure process(es) without incurring the overheads of purging microarchitecture state on each interaction event. For a set of interactive applications, IRONHIDE improves performance by  32 microarchitecture state attacks.


IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks

Modern microprocessors enable aggressive hardware virtualization that ex...

MI6: Secure Enclaves in a Speculative Out-of-Order Processor

Recent attacks have broken process isolation by exploiting microarchitec...

Enclave-Aware Compartmentalization and Secure Sharing with Sirius

Hardware-assisted trusted execution environments (TEEs) are critical bui...

Secure Remote Attestation with Strong Key Insulation Guarantees

Recent years have witnessed a trend of secure processor design in both a...

PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot

Hardware supply-chain attacks are raising significant security threats t...

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

We propose ProSpeCT, a generic formal processor model providing provably...

CURE: A Security Architecture with CUstomizable and Resilient Enclaves

Security architectures providing Trusted Execution Environments (TEEs) h...