Trustworthy Systems

No security without time protection: we need a new hardware-software contract

Authors

Qian Ge, Yuval Yarom and Gernot Heiser

DATA61

UNSW Sydney

The University of Adelaide

Best Paper Award Complete timing-channel data for evaluated x86 and Arm platforms.

Abstract

The recent Spectre exploits demonstrated that covert timing channels are a mainstream security threat. Their prevention requires that operating systems provide time protection, in addition to the established memory protection. We propose OS mechanisms and designs which provide time protection, and define requirements on the hardware to enable them. We demonstrate that present mainstream processors do not meet these requirements, making them inherently insecure. We argue the need for a new security-oriented hardware-software contract, which we call the aISA as it augments the ISA, in order to enable time protection.

BibTeX Entry

  @inproceedings{Ge_YH_18,
    address          = {Korea},
    author           = {Ge, Qian and Yarom, Yuval and Heiser, Gernot},
    booktitle        = {Asia-Pacific Workshop on Systems (APSys)},
    date             = {2018-8-27},
    doi              = {10.1145/3265723.3265724},
    month            = aug,
    numpages         = {9},
    paperurl         = {https://trustworthy.systems/publications/full_text/Ge_YH_18.pdf},
    publisher        = {ACM SIGOPS},
    title            = {No Security Without Time Protection: We Need a New Hardware-Software Contract},
    year             = {2018}
  }

Download