JavaScript is disabled for your browser. Some features of this site may not work without it.
Full-Processor Timing Channel Protection with Applications to Secure Hardware Compartments

Author
Ferraiuolo, Andrew; Wang, Yao; Xu, Rui; Zhang, Danfeng; Myers, Andrew; Suh, Edward
Abstract
This paper presents timing compartments, a hardware architecture
abstraction that eliminates microarchitectural timing channels between
groups of processes of VMs running on shared hardware.
When coupled with conventional access controls, timing compartments provide
strong isolation comparable to running software entities on separate
machines. Timing compartments use microarchitecture mechanisms to enforce
timing sensitive noninterference, which we prove formally through
information flow analysis of an RTL implementation. In the process of
systematically removing timing interference, we identify and remove new
sources of timing channels, including cache coherence mechanisms and module
interfaces, and introduce new performance optimizations. We also
demonstrate how timing compartments may be extended to support a
hardware-only TCB which ensures security even when the system is managed
by an untrusted OS or hypervisor. The overheads of timing compartments are
low; compared to a comparable insecure baseline, executing two timing
compartments reduces system throughput by less than 7% on average and by
less than 2% for compute-bound workloads.
Date Issued
2017-04-25Subject
timing channels; information flow; secure processors
Type
article