A keystone extension to defend against cache timing attacks

Kai Nie; Rongcai Zhao; Xiao Zhang; Haoyang Chai

doi:10.1117/12.3032012

6 June 2024 A keystone extension to defend against cache timing attacks

Kai Nie, Rongcai Zhao, Xiao Zhang, Haoyang Chai

Proceedings Volume 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024); 131751K (2024) https://doi.org/10.1117/12.3032012
Event: 4th International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 2024, Sanya, China

Abstract

Trusted Execution Environment (TEE) find extensive applications in various scenarios such as secure cloud services, databases, big data computing, and blockchain. They establish a secure operational zone, often referred to as an Enclave, for applications. The Keystone Trusted Execution Environment offers a range of security primitives, including memory isolation, secure boot, and remote authentication. It stands out as the first open-source framework under the RISC-V architecture designed for constructing customized TEEs and is currently the mainstream TEE in the RISC-V architecture. However, Keystone itself does not provide protection for Enclaves or security monitors against Cache timing attacks. Recent research has demonstrated that malicious actors, leveraging Spectre attacks, can use Cache timing attack techniques to detect Enclave data through shared caches. This paper proposes a Keystone extension design, calling the extended framework Keyson-LLCI (Last Leavel Cache Isolation). Through security analysis, we prove that it can isolate enclaves and operating systems into different cache paths at the LLC level, thus eliminating the influence of cache side channels and increasing the isolation and security of enclaves. We implemented this hardware extension on an FPGA development board and conducted performance testing and IOZone testing. The test results indicate that Keystone-LLCI can effectively defend against Cache timing attacks, with a performance loss of approximately 14%. The latency of read and write operations increased by 12.4% and 14.1%, respectively. It represents an extension design with relatively low performance loss.

(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.

Citation Download Citation

Kai Nie, Rongcai Zhao, Xiao Zhang, and Haoyang Chai "A keystone extension to defend against cache timing attacks", Proc. SPIE 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 131751K (6 June 2024); https://doi.org/10.1117/12.3032012

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
8 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Information security

Operating systems

Computer security

Defense and security

Design

Switches

Clouds

Show All Keywords

Keywords/Phrases

Search In:

Publication Years