Sanctum demonstrates that strong software isolation is achievable with a surprisingly small set of minimally invasive hardware changes and a very reasonable overhead. Sanctum does not change any major CPU building block. Instead, we add hardware at the interfaces between building blocks, without impacting cycle time.
Our prototype shows a 2% area increase in a Rocket RISC-V core. Over a set of benchmarks, Sanctum's worst observed overhead for isolated execution is 15.1% over an idealized insecure baseline, and its average overhead is 2.7% over a representative insecure baseline.
Category / Keywords: applications
Original Publication (with minor differences): USENIX Security Symposium 2016
Date: received 8 Jun 2015, last revised 21 Feb 2017
Contact author: victor at costan us
Note: Typo fixes and minor technical fixes
Version: 20170221:074117
Short URL: ia.cr/2015/564