IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications
share
Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary processes interact with each other to assure application progress. However, temporal sharing of hardware resources exposes the processor to various microarchitecture state attack vectors. State-of-the-art secure processor, such as MI6 adopts Intel's SGX enclave execution model. MI6 architects strong isolation against these vulnerabilities by isolating large memory components, and purging the microarchitecture state of private state resources on every enclave entry/exit. The purging overhead significantly impacts performance as the interactivity across the secure and insecure processes increases. This paper proposes IRONHIDE that extends the MI6 architecture in the context of multicores to form spatially isolated secure and insecure clusters of cores. For a given secure-insecure process tuple of an interactive application, IRONHIDE pins the secure process to the secure cluster, and it executes and interacts with the insecure process(es) without incurring the overheads of purging microarchitecture state on each interaction event. For a set of interactive applications, IRONHIDE improves performance by 32 microarchitecture state attacks.
READ FULL TEXT