Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core

05/01/2020
by   Nils Wistoff, et al.
0

Covert channels enable information leakage across security boundaries of the operating system. Microarchitectural covert channels exploit changes in execution timing resulting from competing access to limited hardware resources. We use the recent experimental support for time protection, aimed at preventing covert channels, in the seL4 microkernel and evaluate the efficacy of the mechanisms against five known channels on Ariane, an open-source 64-bit application-class RISC-V core. We confirm that without hardware support, these defences are expensive and incomplete. We show that the addition of a single-instruction extension to the RISC-V ISA, that flushes microarchitectural state, can enable the OS to close all five evaluated covert channels with low increase in context switch costs and negligible hardware overhead. We conclude that such a mechanism is essential for security.

READ FULL TEXT

page 5

page 8

page 9

page 10

research
02/24/2022

Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning

Microarchitectural timing channels enable unwanted information flow acro...
research
10/12/2018

Time Protection: the Missing OS Abstraction

Timing channels enable data leakage that threatens the security of compu...
research
01/24/2019

Can We Prove Time Protection?

Timing channels are a significant and growing security threat in compute...
research
10/07/2019

Iodine: Verifying Constant-Time Execution of Hardware

To be secure, cryptographic algorithms crucially rely on the underlying ...
research
05/17/2021

MetaSys: A Practical Open-Source Metadata Management System to Implement and Evaluate Cross-Layer Optimizations

This paper introduces the first open-source FPGA-based infrastructure, M...
research
08/09/2021

Understanding Fuchsia Security

Fuchsia is a new open-source operating system created at Google that is ...
research
11/21/2022

MES-Attacks: Software-Controlled Covert Channels based on Mutual Exclusion and Synchronization

Multi-process concurrency is effective in improving program efficiency a...

Please sign up or login with your details

Forgot password? Click here to reset