Modern micro-architectural attacks, including cache-based side-channel and speculative execution attacks, have increasingly challenged the security of contemporary processors. Recent studies have revealed that the Translation Lookaside Buffer (TLB) can also serve as a vector for timing-based side-channel and covert channel attacks, exposing sensitive information similarly to cache-based attacks. As TLBs are crucial to both CPUs and GPUs, the prevalence and potential impact of such attacks are likely to increase. However, existing defenses often fail to balance security guarantees with architectural scalability, particularly under realistic multi-process execution environments. To address these limitations, we propose a secure and scalable TLB partitioning architecture that separates entries into secure and non-secure domains. When the secure domain is inactive, its partition can be temporarily repurposed by non-secure processes, improving TLB utilization without weakening security guarantees. We implement our architecture on both Linux and the gem5 simulator, and evaluate its performance using standard benchmarks. Experimental results show that our approach incurs low overhead while improving scalability compared to previous solutions.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Secure and Scalable TLB Partitioning Against Timing Side-Channel Attacks

  • Tianyi Huang,
  • Xiaolin Zhang,
  • Kailun Qin,
  • Boshi Yuan,
  • Chenghao Chen,
  • Yipeng Shi,
  • Chi Zhang,
  • Dawu Gu

摘要

Modern micro-architectural attacks, including cache-based side-channel and speculative execution attacks, have increasingly challenged the security of contemporary processors. Recent studies have revealed that the Translation Lookaside Buffer (TLB) can also serve as a vector for timing-based side-channel and covert channel attacks, exposing sensitive information similarly to cache-based attacks. As TLBs are crucial to both CPUs and GPUs, the prevalence and potential impact of such attacks are likely to increase. However, existing defenses often fail to balance security guarantees with architectural scalability, particularly under realistic multi-process execution environments. To address these limitations, we propose a secure and scalable TLB partitioning architecture that separates entries into secure and non-secure domains. When the secure domain is inactive, its partition can be temporarily repurposed by non-secure processes, improving TLB utilization without weakening security guarantees. We implement our architecture on both Linux and the gem5 simulator, and evaluate its performance using standard benchmarks. Experimental results show that our approach incurs low overhead while improving scalability compared to previous solutions.