fence.t.s: Closing Timing Channels in High-Performance Out-of-Order Cores through ISA-Supported Temporal Partitioning
- URL: http://arxiv.org/abs/2409.07576v1
- Date: Wed, 11 Sep 2024 19:06:03 GMT
- Title: fence.t.s: Closing Timing Channels in High-Performance Out-of-Order Cores through ISA-Supported Temporal Partitioning
- Authors: Nils Wistoff, Gernot Heiser, Luca Benini,
- Abstract summary: This work explores challenges with fence.t in superscalar out-of-order cores featuring large and pervasive microarchitectural state.
We propose a novel SW-supported temporal fence (fence.t.s) which reuses existing mechanisms and supports advanced microarchitectural features.
- Score: 12.777720034988473
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Microarchitectural timing channels exploit information leakage between security domains that should be isolated, bypassing the operating system's security boundaries. These channels result from contention for shared microarchitectural state. In the RISC-V instruction set, the temporal fence instruction (fence.t) was proposed to close timing channels by providing an operating system with the means to temporally partition microarchitectural state inexpensively in simple in-order cores. This work explores challenges with fence.t in superscalar out-of-order cores featuring large and pervasive microarchitectural state. To overcome these challenges, we propose a novel SW-supported temporal fence (fence.t.s), which reuses existing mechanisms and supports advanced microarchitectural features, enabling full timing channel protection of an exemplary out-of-order core (OpenC910) at negligible hardware costs and a minimal performance impact of 1.0 %.
Related papers
- Boosting Device Utilization in Control Flow Auditing [47.36491265793223]
Control Flow (CFAud) is a mechanism wherein a remote verifier (Vrf) is guaranteed to received evidence about the control flow path taken on a prover (Prv) MCU, even when Prv software is compromised.<n>Current CFAud requires a busy-wait'' phase where root-of-anchored root-of-RoT in Prv retains execution to ensure delivery of flow evidence to Vrf.<n>CARAMEL is a hardware RoT co-design that enables Prv to resume while control flow evidence is transmitted to Vrf.
arXiv Detail & Related papers (2026-03-02T18:26:17Z) - Blockchain-Enabled Routing for Zero-Trust Low-Altitude Intelligent Networks [77.17664010626726]
We focus on the routing with multiple UAV clusters in low-altitude intelligent networks (LAINs)<n>To minimize the damage caused by potential threats, we present the zero-trust architecture with the software-defined perimeter and blockchain techniques.<n>We show that the proposed framework reduces the average E2E delay by 59% and improves the TSR by 29% on average compared to benchmarks.
arXiv Detail & Related papers (2026-02-27T04:30:35Z) - PermuteV: A Performant Side-channel-Resistant RISC-V Core Securing Edge AI Inference [8.089262335514297]
We propose PermuteV, a performant side-channel resistant RISC-V core designed to secure neural network inference.<n>PermuteV employs a hardware-accelerated defense mechanism that randomly permutes the execution order of loop iterations.<n>We implement PermuteV on FPGA and perform evaluations in terms of side-channel security, hardware area, and runtime overhead.
arXiv Detail & Related papers (2025-12-19T23:31:16Z) - InfLLM-V2: Dense-Sparse Switchable Attention for Seamless Short-to-Long Adaptation [56.694702609077495]
Long-sequence processing is a critical capability for modern large language models.<n>InfLLM-V2 is a trainable sparse attention framework that seamlessly adapts models from short to long sequences.<n>In experiments, InfLLM-V2 is 4$times$ faster than dense attention while retaining 98.1% and 99.7% of the performance.
arXiv Detail & Related papers (2025-09-29T12:08:33Z) - Adaptive t Design Dummy-Gate Obfuscation for Cryogenic Scale Enforcement [0.0]
Cloud quantum services can reveal circuit structure and timing through scheduler metadata, latency patterns, and co-tenant interference.<n>We introduce NADGO, a scheduling and obfuscation stack that enforces operational privacy for gate-model workloads.<n>We prototype the approach on a 4-qubit superconducting tile with cryo-CMOS control and evaluate both depth-varied local-random circuits and small QAOA instances.
arXiv Detail & Related papers (2025-08-31T12:12:48Z) - Provable Execution in Real-Time Embedded Systems [8.816934283264633]
We develop Provable Execution Architecture for Real-Time Systems (PEARTS)<n>PEARTS is the first PoX system that can be directly deployed alongside a commodity embedded real-time operating system (FreeRTOS)
arXiv Detail & Related papers (2025-05-20T02:31:13Z) - ShadowBinding: Realizing Effective Microarchitectures for In-Core Secure Speculation Schemes [1.359473465752453]
We present effective microarchitectures for two state-of-the-art secure schemes.
We find that the IPC impact of in-core secure schemes is higher than previously estimated.
arXiv Detail & Related papers (2025-04-09T16:33:42Z) - μRL: Discovering Transient Execution Vulnerabilities Using Reinforcement Learning [4.938372714332782]
We propose using reinforcement learning to address the challenges of discovering microarchitectural vulnerabilities, such as Spectre and Meltdown.
Our RL agents interact with the processor, learning from real-time feedback to prioritize instruction sequences more likely to reveal vulnerabilities.
arXiv Detail & Related papers (2025-02-20T06:42:03Z) - BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS [16.239598954752594]
Kernel compartmentalization is a promising approach that follows the least-privilege principle.
We present BULKHEAD, a secure, scalable, and efficient kernel compartmentalization technique.
We implement a prototype system on Linux v6.1 to compartmentalize loadable kernel modules.
arXiv Detail & Related papers (2024-09-15T04:11:26Z) - Rethinking Transformer-Based Blind-Spot Network for Self-Supervised Image Denoising [94.09442506816724]
Blind-spot networks (BSN) have been prevalent neural architectures in self-supervised image denoising (SSID)
We build a Transformer-based Blind-Spot Network (TBSN) which shows strong local fitting and global perspective abilities.
arXiv Detail & Related papers (2024-04-11T15:39:10Z) - MKF-ADS: Multi-Knowledge Fusion Based Self-supervised Anomaly Detection System for Control Area Network [9.305680247704542]
Control Area Network (CAN) is an essential communication protocol that interacts between Electronic Control Units (ECUs) in the vehicular network.
CAN is facing stringent security challenges due to innate security risks.
We propose a self-supervised multi-knowledge fused anomaly detection model, called MKF-ADS.
arXiv Detail & Related papers (2024-03-07T07:40:53Z) - Betrayed by Attention: A Simple yet Effective Approach for Self-supervised Video Object Segmentation [76.68301884987348]
We propose a simple yet effective approach for self-supervised video object segmentation (VOS)
Our key insight is that the inherent structural dependencies present in DINO-pretrained Transformers can be leveraged to establish robust-temporal segmentation correspondences in videos.
Our method demonstrates state-of-the-art performance across multiple unsupervised VOS benchmarks and excels in complex real-world multi-object video segmentation tasks.
arXiv Detail & Related papers (2023-11-29T18:47:17Z) - Proving the Absence of Microarchitectural Timing Channels [0.6282171844772422]
A set of OS mechanisms called time protection was recently proposed as a principled way of preventing information leakage through such channels.
We formalise time protection and the underlying hardware mechanisms in a way that allows linking them to the information-flow proofs that showed the absence of storage channels in seL4.
arXiv Detail & Related papers (2023-10-25T22:52:37Z) - MCU-Wide Timing Side Channels and Their Detection [5.504422513647801]
Microarchitectural timing side channels have been thoroughly investigated as a security threat.
Recent activities demonstrate that this threat is real even in microcontrollers without such features.
We present a new formal method to close this gap.
arXiv Detail & Related papers (2023-09-22T15:23:57Z) - Citadel: Simple Spectre-Safe Isolation For Real-World Programs That Share Memory [8.414722884952525]
We introduce a new security property we call relaxed microarchitectural isolation (RMI)
RMI allows sensitive programs that are not-constant-time to share memory with an attacker while restricting the information leakage to that of non-speculative execution.
Our end-to-end prototype, Citadel, consists of an FPGA-based multicore processor that boots Linux and runs secure applications.
arXiv Detail & Related papers (2023-06-26T17:51:23Z) - Artificial Intelligence Empowered Multiple Access for Ultra Reliable and
Low Latency THz Wireless Networks [76.89730672544216]
Terahertz (THz) wireless networks are expected to catalyze the beyond fifth generation (B5G) era.
To satisfy the ultra-reliability and low-latency demands of several B5G applications, novel mobility management approaches are required.
This article presents a holistic MAC layer approach that enables intelligent user association and resource allocation, as well as flexible and adaptive mobility management.
arXiv Detail & Related papers (2022-08-17T03:00:24Z) - Recurrence-in-Recurrence Networks for Video Deblurring [58.49075799159015]
State-of-the-art video deblurring methods often adopt recurrent neural networks to model the temporal dependency between the frames.
In this paper, we propose recurrence-in-recurrence network architecture to cope with the limitations of short-ranged memory.
arXiv Detail & Related papers (2022-03-12T11:58:13Z) - Systematic Prevention of On-Core Timing Channels by Full Temporal Partitioning [13.313360308792198]
We introduce the temporal fence instruction fence.t, which provides the required mechanisms by clearing vulnerable microarchitectural state.<n>We implement fence.t on an experimental version of the seL4 microkernel and CVA6, an open-source, in-order, application class, 64-bit RISC-V core.<n>We find that a complete, systematic, ISA-supported erasure of all non-architectural core components is the most effective implementation.
arXiv Detail & Related papers (2022-02-24T11:17:34Z) - Time-Varying Channel Prediction for RIS-Assisted MU-MISO Networks via
Deep Learning [15.444805225936992]
Reconfigurable intelligent surface (RIS) has become a promising technology to improve the signal transmission quality of wireless communications.
However, accurate, low-latency and low-pilot-overhead channel state information (CSI) acquisition remains a considerable challenge in RIS-assisted systems.
We propose a three-stage joint channel decomposition and prediction framework to require CSI.
arXiv Detail & Related papers (2021-11-09T07:26:51Z) - Channel-wise Gated Res2Net: Towards Robust Detection of Synthetic Speech
Attacks [67.7648985513978]
Existing approaches for anti-spoofing in automatic speaker verification (ASV) still lack generalizability to unseen attacks.
We present a novel, channel-wise gated Res2Net (CG-Res2Net), which modifies Res2Net to enable a channel-wise gating mechanism.
arXiv Detail & Related papers (2021-07-19T12:27:40Z) - Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z) - Decentralized Learning for Channel Allocation in IoT Networks over
Unlicensed Bandwidth as a Contextual Multi-player Multi-armed Bandit Game [134.88020946767404]
We study a decentralized channel allocation problem in an ad-hoc Internet of Things network underlaying on the spectrum licensed to a primary cellular network.
Our study maps this problem into a contextual multi-player, multi-armed bandit game, and proposes a purely decentralized, three-stage policy learning algorithm through trial-and-error.
arXiv Detail & Related papers (2020-03-30T10:05:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.