# IRONHIDE: A Secure Multicore that Efficiently Mitigates   Microarchitecture State Attacks for Interactive Applications

**Authors:** Hamza Omar, Omer Khan

arXiv: 1904.12729 · 2020-01-28

## TL;DR

IRONHIDE introduces spatial isolation in multicore processors, enabling secure and insecure processes to interact efficiently without microarchitecture state purging overheads, thus enhancing performance and security against microarchitecture attacks.

## Contribution

It proposes a novel multicore architecture with spatially isolated clusters, reducing microarchitecture state attack surface and performance overheads compared to existing solutions like MI6.

## Key findings

- IRONHIDE achieves 2.1x performance improvement over MI6.
- It provides 20% better performance than SGX-like baselines.
- Strong isolation is maintained against microarchitecture state attacks.

## Abstract

Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary processes interact with each other to assure application progress. However, temporal sharing of hardware resources exposes the processor to various microarchitecture state attacks. State-of-the-art secure processors, such as MI6 adopt Intel's SGX enclave execution model. MI6 architects strong isolation by statically isolating shared memory state, and purging the microarchitecture state of private core, cache, and TLB resources on every enclave entry and exit. The purging overhead significantly impacts performance as the interactivity across the secure and insecure processes increases. This paper proposes IRONHIDE that implements strong isolation in the context of multicores to form spatially isolated secure and insecure clusters of cores. For an interactive application comprising of secure and insecure processes, IRONHIDE pins the secure process(es) to the secure cluster, where they execute and interact with the insecure process(es) without incurring the microarchitecture state purging overheads on every interaction event. IRONHIDE improves performance by 2.1x over the MI6 baseline for a set of user and OS interactive applications. Moreover, IRONHIDE improves performance by 20% over an SGX-like baseline, while also ensuring strong isolation guarantees against microarchitecture state attacks.

---
Source: https://tomesphere.com/paper/1904.12729