Trustworthy Systems

fence.t.s: Closing timing channels in high-performance out-of-order cores through ISA-supported temporal partitioning

Authors

Nils Wistoff, Gernot Heiser and Luca Benini

    School of Computer Science and Engineering
    UNSW,
    Sydney 2052, Australia

Abstract

Microarchitectural timing channels exploit information leakage between security domains that should be isolated, bypassing the operating system's security boundaries. These channels result from contention for shared microarchitectural state. In the RISC-V instruction set, the temporal fence instruction (fence.t) was proposed to close timing channels by providing an operating system with the means to temporally partition microarchitectural state inexpensively in simple in-order cores. This work explores challenges with fence.t in superscalar out-of-order cores featuring large and pervasive microarchitectural state. To overcome these challenges, we propose a novel SW-supported temporal fence (fence.t.s), which reuses existing mechanisms and supports advanced microarchitectural features, enabling full timing channel protection of an exemplary out-of-order core (OpenC910) at negligible hardware costs and a minimal performance impact of 1.0%.

BibTeX Entry

  @inproceedings{Wistoff_HB_24,
    address          = {Turin, IT},
    author           = {Nils Wistoff and Gernot Heiser and Luca Benini},
    booktitle        = {International Conference on Applications in Electronics Pervading Industry, Environment and Society
                        (ApplePies)},
    month            = sep,
    paperurl         = {https://trustworthy.systems/publications/papers/Wistoff_HB_24.pdf},
    publisher        = {Springer},
    title            = {{fence.t.s}: Closing Timing Channels in High-Performance Out-of-Order Cores through {ISA}-Supported
                        Temporal Partitioning},
    year             = {2024}
  }
