Time protection: the missing OS abstraction

Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser

Research output: Chapter in Book/Report/Conference proceedingConference contribution

16 Citations (Scopus)
414 Downloads (Pure)


Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection, the temporal equivalent of the established memory protection, for isolating security domains. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate efficacy and cost on x86 and Arm processors.
Original languageEnglish
Title of host publicationEuroSys '19
Subtitle of host publicationProceedings of the Fourteenth EuroSys Conference 2019
PublisherAssociation for Computing Machinery (ACM)
Number of pages17
ISBN (Electronic)9781450362818
Publication statusPublished - 25 Mar 2019
Event14th European Conference on Computer Systems (EuroSys 2019) - Dresden, Germany
Duration: 25 Mar 201928 Mar 2019


Conference14th European Conference on Computer Systems (EuroSys 2019)


  • timing channels
  • covert channels
  • temporal isolation
  • time protection
  • microkernels
  • security
  • confidentiality
  • seL4
  • Timing channels
  • Security
  • Time protection
  • Temporal isolation
  • Covert channels
  • Confidentiality
  • SeL4
  • Microkernels

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture


Dive into the research topics of 'Time protection: the missing OS abstraction'. Together they form a unique fingerprint.

Cite this