IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks
Modern microprocessors enable aggressive hardware virtualization that exposes the microarchitecture state of the processor through temporal sharing of hardware resources. This paper proposes a novel secure multicore architecture, IRONHIDE, that aims to mitigate both speculative and non-speculative microarchitecture state vulnerabilities. It introduces a novel spatial allocation of hardware resources across two concurrent domains, a secure and an insecure application domain (referred to as clusters of cores). IRONHIDE enforces strong isolation by disallowing the sharing of any hardware structure across cluster boundaries, which mitigates microarchitecture state attacks. To tackle speculative microarchitecture state vulnerabilities, this work introduces the insight that all speculative microarchitecture state exploits rely on a victim application accessing the secure cluster's memory regions. IRONHIDE therefore incorporates a lightweight hardware check that detects such accesses and stalls them until they resolve, mitigating potential speculative microarchitecture state attacks. Lastly, IRONHIDE enables dynamic hardware isolation by reallocating core-level resources across clusters to exploit multicore parallelism, while ensuring strong isolation for dynamically allocated resources.
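The following is an added illustrative model, not code from the paper or its authors, of the kind of check the abstract describes: a load issued under an unresolved branch whose physical address falls inside the secure cluster's memory regions is held back, and is either released when the branch resolves on the predicted path or squashed before it ever reaches the memory system when the prediction was wrong. The address map, the range-compare implementation of the check, the `Load`/`LoadPipeline` classes and the instruction stream are all constructed assumptions of this model; the paper's actual hardware mechanism may differ.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed address map (assumption for this model): the secure cluster owns
# one contiguous physical range; every other address belongs to the insecure cluster.
SECURE_REGIONS: List[Tuple[int, int]] = [(0x4000_0000, 0x4FFF_FFFF)]


def in_secure_cluster(paddr: int) -> bool:
    """The 'lightweight check': a range compare against the secure cluster's regions."""
    return any(lo <= paddr <= hi for lo, hi in SECURE_REGIONS)


@dataclass
class Load:
    pc: int
    paddr: int
    speculative: bool          # True while an older branch is still unresolved
    issued: bool = False       # the load reached the memory system
    stalled: bool = False      # held back by the check
    squashed: bool = False     # discarded on misprediction, never issued


@dataclass
class LoadPipeline:
    """Toy model of one core's load path with the stall-on-secure-access check."""
    pending: List[Load] = field(default_factory=list)
    trace: List[str] = field(default_factory=list)

    def issue(self, load: Load) -> bool:
        """Return True if the load is sent to memory this cycle, False if stalled."""
        if load.speculative and in_secure_cluster(load.paddr):
            load.stalled = True
            self.pending.append(load)
            self.trace.append(f"STALL pc={load.pc:#x} paddr={load.paddr:#x}")
            return False
        load.issued = True
        self.trace.append(f"ISSUE pc={load.pc:#x} paddr={load.paddr:#x}")
        return True

    def resolve_branch(self, prediction_correct: bool) -> Tuple[int, int]:
        """The oldest branch resolves: stalled loads on the correct path are now
        non-speculative and issue; loads on the wrong path are squashed before
        they can leave any trace in caches or other shared microarchitecture state."""
        released = squashed = 0
        for ld in self.pending:
            ld.stalled = False
            if prediction_correct:
                ld.speculative = False
                ld.issued = True
                released += 1
            else:
                ld.squashed = True
                squashed += 1
        self.pending.clear()
        return released, squashed


def run_scenario(prediction_correct: bool) -> Dict[str, object]:
    """Issue a constructed instruction stream under one unresolved branch,
    then resolve the branch and report what happened to each load."""
    pipe = LoadPipeline()
    loads = [
        Load(pc=0x1000, paddr=0x1000_0000, speculative=True),   # insecure-cluster data
        Load(pc=0x1004, paddr=0x4000_1234, speculative=True),   # secure-cluster data
        Load(pc=0x1008, paddr=0x1000_0040, speculative=False),  # already non-speculative
    ]
    issued_now = [pipe.issue(ld) for ld in loads]
    released, squashed = pipe.resolve_branch(prediction_correct)
    return {
        "issued_now": issued_now,
        "released": released,
        "squashed": squashed,
        "secure_load_touched_memory": loads[1].issued,
        "trace": pipe.trace,
    }


if __name__ == "__main__":
    for correct in (True, False):
        result = run_scenario(correct)
        print(f"prediction_correct={correct}:", result)
```

The point the model makes is the ordering: the speculative load to the insecure cluster's own memory issues immediately, so performance on ordinary code is untouched, while the speculative load into the secure cluster's range is the only one held, and on a misprediction it is discarded without ever having been issued.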