English

Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors: Extended Version

Cryptography and Security 2020-01-30 v1

Abstract

Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features, brings a risk of introducing new such side-channel attacks. This paper studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. We propose to use full abstraction as a formal criterion for the security of a processor extension, and we instantiate that criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility of these enclaves. This is a very relevant instantiation as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves, and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor, and evaluate the cost of our design in terms of performance and hardware size.

Keywords

Cite

@article{arxiv.2001.10881,
  title  = {Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors: Extended Version},
  author = {Matteo Busi and Job Noorman and Jo Van Bulck and Letterio Galletta and Pierpaolo Degano and Jan Tobias Mühlberg and Frank Piessens},
  journal= {arXiv preprint arXiv:2001.10881},
  year   = {2020}
}

Comments

Extended version of the paper "Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors"

R2 v1 2026-06-23T13:24:04.313Z