> We have been working for a number of years on time protection, the temporal equivalent of memory protection, as a systematic timing-channel prevention. Our experience on x86 and ARM processors is that they lack the mechanisms to do this completely. RISC-V presents an opportunity to get this right, and I will report on my experience working with the RISC-V Foundation's Security Standing Committee to get the required mechanisms into the processor specification.
Last I read, for ARM and x86 they were exploring page and cache coloring techniques for memory allocation. I'm curious if the mechanisms they'll recommend for RISC-V are in this vein (i.e. cache partitioning), or something else entirely.
Their implementation of time protection is presented here: "Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core". https://arxiv.org/abs/2005.02193
They use cache partitioning, but that's not the whole story. A temporal fence instruction, fence.t, is introduced.
In their first try, they cleared the L1, the TLB and the branch history, and flushed the pipeline. They discovered this was not enough, and a covert timing channel persisted.
In their second try, in addition to the first try, they cleared the cache replacement state, the cache arbitration state, and the TLB replacement state. This eliminated the channel, achieving a Shannon channel capacity of zero.
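To make the comment's two-step finding concrete, here is an added example (not code from the paper, the core it describes, or the commenter): a toy simulation of one cache set whose replacement state survives a content flush, with a sender/receiver pair that exploits it and an empirical mutual-information measurement of the resulting channel. The cache model is a hypothetical simplification chosen for illustration: a round-robin replacement pointer where a miss fills the lowest-numbered invalid way without moving the pointer, and only a miss into a full set evicts the way at the pointer and advances it. The names `RoundRobinSet`, `fence_t`, `sender`, `receiver` and the trial symbols are all constructed here and are not identifiers from the paper.

```python
import math
from collections import Counter

WAYS = 4


class RoundRobinSet:
    """One cache set with a round-robin replacement pointer.

    Hypothetical model (an assumption for this example, not the paper's core):
    a miss fills the lowest-numbered invalid way and leaves `ptr` alone; a miss
    into a full set evicts the way at `ptr` and advances it. `ptr` is the
    'cache replacement state' that a content flush alone does not clear.
    """

    def __init__(self):
        self.lines = [None] * WAYS
        self.ptr = 0

    def access(self, tag):
        """Return True on a hit, False on a miss (the receiver's timing signal)."""
        if tag in self.lines:
            return True
        if None in self.lines:
            self.lines[self.lines.index(None)] = tag   # fill, pointer untouched
        else:
            self.lines[self.ptr] = tag                  # evict at pointer
            self.ptr = (self.ptr + 1) % WAYS
        return False

    def flush_contents(self):
        """What the 'first try' fence does to this set: invalidate every line."""
        self.lines = [None] * WAYS

    def flush_replacement_state(self):
        """What the 'second try' adds: reset the replacement pointer too."""
        self.ptr = 0


def fence_t(cache, clear_replacement_state):
    """Model of fence.t at a context switch, with or without the second-try fix."""
    cache.flush_contents()
    if clear_replacement_state:
        cache.flush_replacement_state()


def sender(cache, symbol):
    """Encode symbol in 0..WAYS-1 by forcing exactly `symbol` evictions."""
    for i in range(WAYS):           # fill the empty set; pointer stays at 0
        cache.access(("S", i))
    for i in range(symbol):         # each eviction advances the pointer by one
        cache.access(("T", i))


def receiver(cache):
    """Decode the symbol from which of its own lines gets evicted first."""
    for i in range(WAYS):           # refill ways 0..3 in order (all misses)
        cache.access(("R", i))
    cache.access(("X", 0))          # one extra miss evicts the way at `ptr`
    for i in range(WAYS):           # first probe miss identifies the evicted way;
        if not cache.access(("R", i)):  # later probes may cascade, so stop here
            return i
    return -1


def mutual_information_bits(pairs):
    """Empirical I(S;Y) in bits from (sent, decoded) samples."""
    n = len(pairs)
    joint, ps, py = Counter(pairs), Counter(s for s, _ in pairs), Counter(y for _, y in pairs)
    return sum((c / n) * math.log2((c / n) / ((ps[s] / n) * (py[y] / n)))
               for (s, y), c in joint.items())


# Constructed trial input: every symbol equally often, so for a noiseless
# channel the measured mutual information equals the capacity log2(WAYS).
SYMBOLS = [i % WAYS for i in range(64)]


def run_trials(clear_replacement_state, symbols=SYMBOLS):
    """Fresh set per trial; returns I(S;Y) in bits across the trials."""
    pairs = []
    for s in symbols:
        cache = RoundRobinSet()
        sender(cache, s)
        fence_t(cache, clear_replacement_state)
        pairs.append((s, receiver(cache)))
    return mutual_information_bits(pairs)


if __name__ == "__main__":
    print("contents flushed only:      %.2f bits" % run_trials(False))
    print("contents + replacement ptr: %.2f bits" % run_trials(True))
```

With only the contents flushed, the receiver recovers the sender's symbol from the surviving pointer, so the channel carries log2(4) = 2 bits per trial; once the replacement state is also cleared the decoded value no longer depends on the symbol and the measured information drops to zero. Real cores have more such state (arbitration, TLB replacement bits) and noisier timing, which is why the paper measures channel capacity empirically rather than reasoning about one structure at a time.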