With Great Complexity Comes Great Vulnerability: From Stand-Alone Fixes to Reconfigurable Security

The increasing complexity of modern computing devices has rendered security architectures vulnerable to recent side-channel and transient-execution attacks. We discuss the most relevant defenses as well as their drawbacks and how to overcome them for next-generation secure processor design.
