Creating Foundations for Secure Microarchitectures with Data-Oblivious ISA Extensions

Jiyong Yu, Lucas Hsiung, Mohamad El Hajj, Christopher W. Fletcher

Research output: Contribution to journalArticle

Abstract

It is not possible to write microarchitectural side channel-free code on commercial processors today. Even when we try, the resulting code is low performance. This article's goal is to lay an ISA-level foundation, called a Data-Oblivious ISA (OISA) extension, to address these problems. The key idea with an OISA is to explicitly but abstractly specify security policy, so that the policy can be decoupled from the microarchitecture and even the threat model. Analogous to a traditional ISA, this enables an OISA to serve as a portable security-centric abstraction for software while enabling security-aware implementation and optimization flexibility for hardware. The article starts by giving a deep-dive in OISA principles and formal definitions underpinning OISA security. We also provide a concrete OISA built on top of RISC-V, an implementation prototype on the RISC-V BOOM microarchitecture, a formal analysis and security argument, and finally extensive performance evaluation on a range of data-oblivious benchmarks.

Original languageEnglish (US)
Article number9057402
Pages (from-to)99-107
Number of pages9
JournalIEEE Micro
Volume40
Issue number3
DOIs
StatePublished - May 1 2020

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Creating Foundations for Secure Microarchitectures with Data-Oblivious ISA Extensions'. Together they form a unique fingerprint.

  • Cite this