Microarchitectural timing attacks are a type of information leakage attack, which exploit the time-shared microarchitectural components, such as caches, translation look-aside buffers (TLBs), branch prediction unit (BPU), and speculative execution, in modern processors to leak critical information from a victim process or thread. To mitigate such attacks, the mechanism for flushing the on-core state is extensively used by operating-system-level solutions, since on-core state is too expensive to partition. In these systems, the flushing operations are implemented in software (using cache maintenance instructions), which severely limit the efficiency of timing attack protection. To bridge this gap, we propose specialized hardware support, a single-instruction multiple-flush (SIMF) mechanism to flush the core-level state, which consists of L1 caches, BPU, TLBs, and register file. We demonstrate SIMF by implementing it as an ISA extension, i.e., flushx instruction, in scalar in-order RISC-V processor. The resultant processor is prototyped on Xilinx ZCU102 FPGA and validated with state-of-art seL4 microkernel, Linux kernel in multi-core scenarios, and a cache timing attack. Our evaluation shows that SIMF significantly alleviates the overhead of flushing by more than a factor of two in execution time and reduces dynamic instruction count by orders-of-magnitude.

中文翻译：

---

SIMF：用于处理器时间隔离的单指令多刷新机制

微体系结构定时攻击是一种信息泄漏攻击，它利用分时共享的微体系结构组件（例如缓存，翻译后备缓冲区（TLB），分支预测单元（BPU）和推测性执行）在现代处理器中泄漏严重信息来自受害者进程或线程的信息。为了减轻此类攻击，操作系统级别的解决方案广泛使用了刷新内核状态的机制，因为内核状态对于分区而言过于昂贵。在这些系统中，刷新操作在软件中实现（使用高速缓存维护指令），这严重限制了定时攻击保护的效率。为了弥合这种差距，我们提出了专门的硬件支持，即一种单指令多刷新（SIMF）机制来刷新内核级状态，该机制由L1缓存，BPU，TLB和注册文件。我们通过在标量有序RISC-V处理器中将其实现为ISA扩展（即flushx指令）来演示SIMF。最终的处理器在Xilinx ZCU102 FPGA上原型化，并通过最新的seL4微内核，多核场景下的Linux内核以及高速缓存定时攻击进行了验证。我们的评估表明，SIMF可以将执行时的刷新开销显着减少两倍以上，并且可以将动态指令数量减少数量级。