Full-Processor Timing Channel Protection with Applications to Secure Hardware  Compartments

Ferraiuolo, Andrew; Wang, Yao; Xu, Rui; Zhang, Danfeng; Myers, Andrew; Suh, Edward

Full-Processor Timing Channel Protection with Applications to Secure Hardware Compartments

dc.contributor.author	Ferraiuolo, Andrew
dc.contributor.author	Wang, Yao
dc.contributor.author	Xu, Rui
dc.contributor.author	Zhang, Danfeng
dc.contributor.author	Myers, Andrew
dc.contributor.author	Suh, Edward
dc.date.accessioned	2017-04-25T14:30:52Z
dc.date.available	2015-11-10T19:26:25Z
dc.date.available	2017-04-25T14:30:52Z
dc.date.issued	2017-04-25
dc.description.abstract	This paper presents timing compartments, a hardware architecture abstraction that eliminates microarchitectural timing channels between groups of processes of VMs running on shared hardware. When coupled with conventional access controls, timing compartments provide strong isolation comparable to running software entities on separate machines. Timing compartments use microarchitecture mechanisms to enforce timing sensitive noninterference, which we prove formally through information flow analysis of an RTL implementation. In the process of systematically removing timing interference, we identify and remove new sources of timing channels, including cache coherence mechanisms and module interfaces, and introduce new performance optimizations. We also demonstrate how timing compartments may be extended to support a hardware-only TCB which ensures security even when the system is managed by an untrusted OS or hypervisor. The overheads of timing compartments are low; compared to a comparable insecure baseline, executing two timing compartments reduces system throughput by less than 7% on average and by less than 2% for compute-bound workloads.	en_US
dc.identifier.uri	https://hdl.handle.net/1813/41218
dc.language.iso	en_US	en_US
dc.relation.replaces	http://hdl.handle.net/1813/41218.1
dc.subject	timing channels	en_US
dc.subject	information flow	en_US
dc.subject	secure processors	en_US
dc.title	Full-Processor Timing Channel Protection with Applications to Secure Hardware Compartments	en_US
dc.type	article

Files

Original bundle

Now showing 1 - 1 of 1

Name:: paper.pdf
Size:: 362.97 KB
Format:: Adobe Portable Document Format
Description:: Main article

Download

Collections

Computing and Information Science Technical Reports

Version History

You are currently viewing version 2 of the item.

Now showing 1 - 2 of 2

Version	Date	Summary
2*	2017-04-25 10:29:06	The updated version has revised text, a better explanation of verification with information flow analysis, and results with a new optimization.
1	2015-11-10 14:26:25

* Selected version