当前位置: X-MOL 学术IEEE Micro › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Creating Foundations for Secure Microarchitectures with Data-Oblivious ISA Extensions
IEEE Micro ( IF 3.6 ) Pub Date : 2020-01-01 , DOI: 10.1109/mm.2020.2985366
Jiyong Yu 1 , Lucas Hsiung 2 , Mohamad El Hajj 1 , Christopher W. Fletcher 1
Affiliation  

It is not possible to write microarchitectural side channel-free code on commercial processors today. Even when we try, the resulting code is low performance. This article's goal is to lay an ISA-level foundation, called a Data-Oblivious ISA (OISA) extension, to address these problems. The key idea with an OISA is to explicitly but abstractly specify security policy, so that the policy can be decoupled from the microarchitecture and even the threat model. Analogous to a traditional ISA, this enables an OISA to serve as a portable security-centric abstraction for software while enabling security-aware implementation and optimization flexibility for hardware. The article starts by giving a deep-dive in OISA principles and formal definitions underpinning OISA security. We also provide a concrete OISA built on top of RISC-V, an implementation prototype on the RISC-V BOOM microarchitecture, a formal analysis and security argument, and finally extensive performance evaluation on a range of data-oblivious benchmarks.

中文翻译:

使用无数据 ISA 扩展为安全微架构创建基础

今天不可能在商业处理器上编写微架构无侧信道代码。即使我们尝试,结果代码也是低性能的。本文的目标是奠定 ISA 级别的基础,称为 Data-Oblivious ISA (OISA) 扩展,以解决这些问题。OISA 的关键思想是明确但抽象地指定安全策略,以便策略可以与微架构甚至威胁模型分离。与传统 ISA 类似,这使 OISA 能够充当软件的可移植的以安全为中心的抽象,同时为硬件实现安全感知实施和优化灵活性。本文首先深入探讨了支持 OISA 安全的 OISA 原则和正式定义。我们还提供建立在 RISC-V 之上的具体 OISA,
更新日期:2020-01-01
down
wechat
bug