Under the Dome: Preventing Hardware Timing Information Leakage

Escouteloup, Mathieu; Lashermes, Ronan; Fournier, Jacques; Lanet, Jean-Louis

doi:10.1007/978-3-030-97348-3_13

Cited by 5 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In their work [47], the authors showed, through static analysis, that flipping some bits of variablelength instructions encoding could realign the code, resulting in dangerous erroneous behaviors. In addition, it was claimed in another paper [48] that variable-length instructions might bring more return-oriented programming attacks (specific attacks detailed in [49] ). This section presents a vulnerability analysis of AES encryption algorithm using the preceding fault models, specifically when the code is misaligned in memory.…”

Section: Vulnerability Analysis On Aesmentioning

confidence: 99%

Cross-layer analysis of clock glitch fault injection while fetching variable-length instructions

Alshaer,

Burghoorn,

Colombier

et al. 2024

J Cryptogr Eng

View full text Add to dashboard Cite

With the increasing complexity of embedded systems, the use of variable-length instruction sets has become essential, so that higher code density and better performance can be achieved. Security aspects are closely linked, considering the continuous improvement of attack techniques and equipment. Fault injection is among the most interesting and rising physical attack techniques. However, hardware designers and software developers lack accurate fault models to evaluate the vulnerabilities of their designs or codes in the presence of such attacks. In this article, we provide a proper characterization, at instruction set architecture (ISA) level, of several faulty behaviors that are experimentally observed when a processor running a variable-length instruction set is targeted. We include the binary encoding of instructions, and show how the obtained behaviors depend on the alignment in memory. Moreover, we give a deeper insight on previous results from the literature, that were still left unexplained. Additionally, we move downward at system level and consider the register-transfer level (RTL) to perform RTL fault simulation; This enables a better understanding of the faults propagation, validate the inferred fault models at ISA level, and reveal the origin of such faults at microarchitectural level. Finally, applying the given fault models leads us to provide vulnerability analysis on three different implementations of AES.

show abstract

Section: Vulnerability Analysis On Aesmentioning

confidence: 99%

Cross-layer analysis of clock glitch fault injection while fetching variable-length instructions

Alshaer,

Burghoorn,

Colombier

et al. 2024

J Cryptogr Eng

View full text Add to dashboard Cite

show abstract

“…Li et al [35] propose FENCEX, an instruction similar to the basic flush version of fence.t presented in Section 4.2.1 of this work, which we found insufficient to close all timing channels reliably. Escouteloup et al [36] present an ISA extension that allows the allocation of hardware resources to security domains. They implement and evaluate their proposal bare-metal on an embedded RISC-V core designed to model known microarchitectural vulnerabilities, whereas this work targets an existing, application-class RISC-V core, optimised for efficiency and running a full operating system.…”

Section: Related Workmentioning

confidence: 99%

Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning

Wistoff¹,

Schneider²,

Gürkaynak³

et al. 2022

Preprint

View full text Add to dashboard Cite

Microarchitectural timing channels enable unwanted information flow across security boundaries, violating fundamental security assumptions. They leverage timing variations of several state-holding microarchitectural components and have been demonstrated across instruction set architectures and hardware implementations. Analogously to memory protection, Ge et al. [1] have proposed time protection for preventing information leakage via timing channels. They also showed that time protection calls for hardware support. This work leverages the open and extensible RISC-V instruction set architecture (ISA) to introduce the temporal fence instruction fence.t, which provides the required mechanisms by clearing vulnerable microarchitectural state and guaranteeing a history-independent context-switch latency. We propose and discuss three different implementations of fence.t and implement them on an experimental version of the seL4 microkernel [2] and CVA6, an open-source, in-order, application class, 64-bit RISC-V core [3]. We find that a complete, systematic, ISA-supported erasure of all non-architectural core components is the most effective implementation while featuring a low implementation effort, a minimal performance overhead of approximately 2 %, and negligible hardware costs.

show abstract

Minimal Partitioning Kernel with Time Protection and Predictability

Karlsson

2024

2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

Under the Dome: Preventing Hardware Timing Information Leakage

Cited by 5 publications

References 23 publications

Cross-layer analysis of clock glitch fault injection while fetching variable-length instructions

Cross-layer analysis of clock glitch fault injection while fetching variable-length instructions

Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning

Minimal Partitioning Kernel with Time Protection and Predictability

Contact Info

Product

Resources

About