Show simple item record

dc.contributor.authorFerraiuolo, Andrew
dc.contributor.authorWang, Yao
dc.contributor.authorXu, Rui
dc.contributor.authorZhang, Danfeng
dc.contributor.authorMyers, Andrew
dc.contributor.authorSuh, Edward
dc.description.abstractThis paper presents timing compartments, a hardware architecture abstraction that eliminates microarchitectural timing channels between groups of processes of VMs running on shared hardware. When coupled with conventional access controls, timing compartments provide strong isolation comparable to running software entities on separate machines. Timing compartments use microarchitecture mechanisms to enforce timing sensitive noninterference, which we prove formally through information flow analysis of an RTL implementation. In the process of systematically removing timing interference, we identify and remove new sources of timing channels, including cache coherence mechanisms and module interfaces, and introduce new performance optimizations. We also demonstrate how timing compartments may be extended to support a hardware-only TCB which ensures security even when the system is managed by an untrusted OS or hypervisor. The overheads of timing compartments are low; compared to a comparable insecure baseline, executing two timing compartments reduces system throughput by less than 7% on average and by less than 2% for compute-bound workloads.en_US
dc.subjecttiming channelsen_US
dc.subjectinformation flowen_US
dc.subjectsecure processorsen_US
dc.titleFull-Processor Timing Channel Protection with Applications to Secure Hardware Compartmentsen_US

Files in this item


This item appears in the following Collection(s)

Show simple item record


*Selected version