Cryptology ePrint Archive: Report 2015/564

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

Victor Costan and Ilia Lebedev and Srinivas Devadas

Abstract: Sanctum offers the same promise as SGX, namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of additional software attacks that infer private information from a program's memory access patterns. We follow a principled approach to eliminating entire attack surfaces through isolation, rather than plugging attack-specific privacy leaks.

Sanctum demonstrates that strong software isolation is achievable with a surprisingly small set of minimally invasive hardware changes, and a very reasonable overhead. Sanctum does not change any major CPU building block. Instead, we add hardware at the interfaces between building blocks, without impacting cycle time.

Our prototype shows a 2% area increase in a Rocket RISC-V core. Over a set of benchmarks, Sanctum's worst observed overhead for isolated execution is 15.1% over an idealized insecure baseline, and 2.7% average overhead over a representative insecure baseline.

Category / Keywords: applications /

Original Publication (with minor differences): USENIX Security Symposium 2016

Date: received 8 Jun 2015, last revised 21 Feb 2017

Contact author: victor at costan us

Available format(s): PDF | BibTeX Citation

Note: Typo fixes and minor technical fixes

Version: 20170221:074117 (All versions of this report)

Short URL: ia.cr/2015/564

Discussion forum: Show discussion | Start new discussion