Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core

05/01/2020
by   Nils Wistoff, et al.
0

Covert channels enable information leakage across security boundaries of the operating system. Microarchitectural covert channels exploit changes in execution timing resulting from competing access to limited hardware resources. We use the recent experimental support for time protection, aimed at preventing covert channels, in the seL4 microkernel and evaluate the efficacy of the mechanisms against five known channels on Ariane, an open-source 64-bit application-class RISC-V core. We confirm that without hardware support, these defences are expensive and incomplete. We show that the addition of a single-instruction extension to the RISC-V ISA, that flushes microarchitectural state, can enable the OS to close all five evaluated covert channels with low increase in context switch costs and negligible hardware overhead. We conclude that such a mechanism is essential for security.

READ FULL TEXT

Authors

page 5

page 8

page 9

page 10

02/24/2022

Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning

Microarchitectural timing channels enable unwanted information flow acro...
10/12/2018

Time Protection: the Missing OS Abstraction

Timing channels enable data leakage that threatens the security of compu...
01/24/2019

Can We Prove Time Protection?

Timing channels are a significant and growing security threat in compute...
10/07/2019

Iodine: Verifying Constant-Time Execution of Hardware

To be secure, cryptographic algorithms crucially rely on the underlying ...
08/09/2021

Understanding Fuchsia Security

Fuchsia is a new open-source operating system created at Google that is ...
11/30/2021

PERCIVAL: Open-Source Posit RISC-V Core with Quire Capability

The posit representation for real numbers is an alternative to the ubiqu...
05/17/2021

MetaSys: A Practical Open-Source Metadata Management System to Implement and Evaluate Cross-Layer Optimizations

This paper introduces the first open-source FPGA-based infrastructure, M...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.