Cryptology ePrint Archive: Report 2015/564

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

Victor Costan and Ilia Lebedev and Srinivas Devadas

Abstract: Sanctum offers the same promise as SGX, namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of additional software attacks that infer private information from a program's memory access patterns. We follow a principled approach to eliminating entire attack surfaces through isolation, rather than plugging attack-specific privacy leaks.

Sanctum demonstrates that strong software isolation is achievable with a surprisingly small set of minimally invasive hardware changes, and a very reasonable overhead. Sanctum does not change any major CPU building block. Instead, we add hardware at the interfaces between building blocks, without impacting cycle time.

Our prototype shows a 2% area increase in a Rocket RISC-V core. Over a set of benchmarks, Sanctum's worst observed overhead for isolated execution is 15.1% over an idealized insecure baseline, and 2.7% average overhead over a representative insecure baseline.

Category / Keywords: applications /

Original Publication (with minor differences): Submitted for MICRO 2015

Date: received 8 Jun 2015, last revised 13 Oct 2015

Contact author: victor at costan us

Available format(s): PDF | BibTeX Citation

Note: This is the paper version that was submitted to ASPLOS 2016.

Version: 20151013:214106 (All versions of this report)

Short URL: ia.cr/2015/564

Discussion forum: Show discussion | Start new discussion