Proceedings 2019 Network and Distributed System Security Symposium 2019
DOI: 10.14722/ndss.2019.23061
|View full text |Cite
|
Sign up to set email alerts
|

Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing

Abstract: Blocking microarchitectural (digital) side channels is one of the most pressing challenges in hardware security today. Recently, there has been a surge of effort that attempts to block these leakages by writing programs data obliviously. In this model, programs are written to avoid placing sensitive data-dependent pressure on shared resources. Despite recent efforts, however, running data oblivious programs on modern machines today is insecure and low performance. First, writing programs obliviously assumes ce… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
52
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
3

Relationship

2
6

Authors

Journals

citations
Cited by 54 publications
(53 citation statements)
references
References 53 publications
(146 reference statements)
0
52
0
Order By: Relevance
“…Taram et al [85] defined all userspace memory and user input as secret. However, this can be very expensive, and consequently, Yu et al [101] proposed a less expensive annotation-based protection mechanism. While this is an important discussion, it is orthogonal to this work.…”
Section: Discussionmentioning
confidence: 99%
See 1 more Smart Citation
“…Taram et al [85] defined all userspace memory and user input as secret. However, this can be very expensive, and consequently, Yu et al [101] proposed a less expensive annotation-based protection mechanism. While this is an important discussion, it is orthogonal to this work.…”
Section: Discussionmentioning
confidence: 99%
“…Besides annotation of secrets, it would also be possible to architecturally define groups of secrets, e.g., based on the data type as suggested by Carr and Payer [15], or by defining all userspace memory and user input as secret as proposed by Taram et al [85]. However, this can be very expensive, and consequently, related work is also investigating annotationbased protection mechanisms [101]. When the operating system loads the binary, memory regions containing the annotated secrets are marked nontransient.…”
Section: Design Of Contextmentioning
confidence: 99%
“…G4 Log Availability. In addition to detecting violations of log integrity, the system should provide assurance of 2 CUSTOS' security in the context of micro-architectural side channels reduces to software in the TEE being able to protect secret keys during cryptographic routines (e.g., when calculating digital signatures), which is a well-studied and orthogonal problem [122], [103], [18], [12], [129], [125]. log availability.…”
Section: Threat Model and Goalsmentioning
confidence: 99%
“…6). One option is to let software control compression (e.g., [91]), but this implies ISA changes, storage overheads to track which data should not be compressed, and requires programmers to correctly identify secrets. A different option is cache partitioning, which is non-trivial because compressed caches have decoupled tag and data arrays with different geometries (and both must be partitioned), and partitioning reduces compression ratio.…”
Section: Contributionmentioning
confidence: 99%
“…Prior work on Data Oblivious ISA extensions [91] briefly mentions the use of cache compression to defeat constant time/data oblivious programming, but does not go into details or allude to active cache compression attacks (Sec. 4).…”
Section: Colocating Attacker-controlled Datamentioning
confidence: 99%