Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors: Extended Version

by   Matteo Busi, et al.

Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features, brings a risk of introducing new such side-channel attacks. This paper studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. We propose to use full abstraction as a formal criterion for the security of a processor extension, and we instantiate that criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility of these enclaves. This is a very relevant instantiation as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves, and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor, and evaluate the cost of our design in terms of performance and hardware size.



There are no comments yet.


page 1


HECTOR-V: A Heterogeneous CPU Architecture for a Secure RISC-V Execution Environment

To ensure secure and trustworthy execution of applications, vendors freq...

MI6: Secure Enclaves in a Speculative Out-of-Order Processor

Recent attacks have broken process isolation by exploiting microarchitec...

Methodically Defeating Nintendo Switch Security

We explain, step by step, how we strategically circumvented the Nintendo...

Hardware-Software Contracts for Secure Speculation

Since the discovery of Spectre, a large number of hardware mechanisms fo...

LEASH: Enhancing Micro-architectural Attack Detection with a Reactive Process Scheduler

Micro-architectural attacks use information leaked through shared resour...

IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks

Modern microprocessors enable aggressive hardware virtualization that ex...

FlexOS: Towards Flexible OS Isolation

At design time, modern operating systems are locked in a specific safety...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.