Paper 2015/564

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

Victor Costan, Ilia Lebedev, and Srinivas Devadas

Abstract

Sanctum offers the same promise as SGX, namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of additional software attacks that infer private information from a program's memory access patterns. We follow a principled approach to eliminating entire attack surfaces through isolation, rather than plugging attack-specific privacy leaks. Sanctum demonstrates that strong software isolation is achievable with a surprisingly small set of minimally invasive hardware changes, and a very reasonable overhead. Sanctum does not change any major CPU building block. Instead, we add hardware at the interfaces between building blocks, without impacting cycle time. Our prototype shows a 2% area increase in a Rocket RISC-V core. Over a set of benchmarks, Sanctum's worst observed overhead for isolated execution is 15.1% over an idealized insecure baseline, and 2.7% average overhead over a representative insecure baseline.

Note: Typo fixes and minor technical fixes

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. USENIX Security Symposium 2016
Contact author(s)
victor @ costan us
History
2017-02-21: last of 3 revisions
2015-06-17: received
See all versions
Short URL
https://ia.cr/2015/564
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/564,
      author = {Victor Costan and Ilia Lebedev and Srinivas Devadas},
      title = {Sanctum: Minimal Hardware Extensions for Strong Software Isolation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/564},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/564}},
      url = {https://eprint.iacr.org/2015/564}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.