Conferences and supporting programme
Sidestepping Side Channel Attacks Through Separation & Virtualization
Meltdown and Spectre, two recent side channel attacks have demonstrated how side channels can be exploited on some high end multicore processors, resulting in loss of confidentiality. The media attention has indicated it was a largely hardware design issue that forced software suppliers to provide workarounds. Modern multicore processor architecture has evolved to the point where analyzing complexities and emergent behaviour is a significant challenge for system architects. But could these side channel attacks be sidestepped by the system software architect using existing processor capabilities? How can one build a system that is resilient to such side channel attacks? The OS is supposed to be a defense mechanism against hardware vulnerabilities, but in such side channel attacks it is becoming the primary point of failure when it comes to security breaches. Hardware functionality in multicore systems has evolved to the extent of undermining the ability of OS’s to sustain security-by-design. The OS concept, originally designed to provide resource sharing on a single core, has been stretched to find ways to schedule across cores and share services across parallel execution processes. While they have successfully achieved this, it has compromised least privilege design objectives, in effect becoming less secure as they become more efficient. This paper will show how to address these issues and sustain current OS implementations for legacy code re-use.
--- Date: 27.02.2019 Time: 4:00 PM - 4:30 PM Location: Conference Counter NCC Ost