Trustworthy Systems

Prevention of microarchitectural covert channels on an open-source 64-bit RISC-V core

Authors

Nils Wistoff, Moritz Schneider, Frank Gürkaynak, Luca Benini and Gernot Heiser

DATA61

ETH Zurich

UNSW Sydney

Abstract

Covert channels enable information leakage across security boundaries of the operating system. Microarchitectural covert channels exploit changes in execution timing resulting from competing access to limited hardware resources. We use the recent experimental support for time protection, aimed at preventing covert channels, in the seL4 microkernel and evaluate the efficacy of the mechanisms against five known channels. We confirm that without hardware support, these defences are expensive and incomplete. We show that the addition of a simple instruction that flushes microarchitectural state can enable the OS to close all five evaluated covert channels, with a low increase in context-switch costs and negligible hardware overhead. We conclude that such a mechanism is essential for security.

BibTeX Entry

  @inproceedings{Wistoff_SGBH_20,
    address          = {Valencia, Spain},
    author           = {Wistoff, Nils and Schneider, Moritz and G\"{u}rkaynak, Frank and Benini, Luca and Heiser, Gernot},
    booktitle        = {Workshop on Computer Architecture Research with {RISC-V} (CARRV)},
    date             = {2020-5-29},
    keywords         = {covert channels timing channels},
    month            = may,
    numpages         = {7},
    paperurl         = {https://trustworthy.systems/publications/full_text/Wistoff_SGBH_20.pdf},
    publisher        = {ACM},
    title            = {Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit {RISC}-{V} Core},
    video            = {https://carrv.github.io/2020/videos/CARRV_10_Wistoff.html},
    year             = {2020}
  }
