Proving the Absence of Microarchitectural Timing Channels

Scott Buckley (1); Robert Sison (1; 2); Nils Wistoff (3); Curtis; Millar (1); Toby Murray (2); Gerwin Klein (4; 1); Gernot Heiser (1) ((1); UNSW Sydney; (2) University of Melbourne; (3) ETH Z\"urich; (4) Proofcraft)

arXiv:2310.17046·cs.OS·October 27, 2023·1 cites

Proving the Absence of Microarchitectural Timing Channels

Scott Buckley (1), Robert Sison (1, 2), Nils Wistoff (3), Curtis, Millar (1), Toby Murray (2), Gerwin Klein (4, 1), Gernot Heiser (1) ((1), UNSW Sydney, (2) University of Melbourne, (3) ETH Z\"urich, (4) Proofcraft)

PDF

Open Access

TL;DR

This paper formalizes time protection mechanisms to prevent microarchitectural timing channels, linking hardware and OS security proofs to enhance computer security.

Contribution

It provides a formal framework connecting hardware mechanisms and OS time protection with existing information-flow security proofs.

Findings

01

Formalization of time protection and hardware mechanisms

02

Linking hardware and OS security proofs

03

Enhanced assurance against timing channels

Abstract

Microarchitectural timing channels are a major threat to computer security. A set of OS mechanisms called time protection was recently proposed as a principled way of preventing information leakage through such channels and prototyped in the seL4 microkernel. We formalise time protection and the underlying hardware mechanisms in a way that allows linking them to the information-flow proofs that showed the absence of storage channels in seL4.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsSecurity and Verification in Computing · Cryptographic Implementations and Security · Parallel Computing and Optimization Techniques