Time protection: the missing OS abstraction

Qian Ge; Yuval  Yarom; Tom Chothia; Gernot Heiser

doi:10.1145/3302424.3303976

Time protection: the missing OS abstraction

Qian Ge, Yuval Yarom, Tom Chothia, Gernot Heiser

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

16 Citations (Scopus)

467 Downloads (Pure)

Abstract

Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection, the temporal equivalent of the established memory protection, for isolating security domains. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate efficacy and cost on x86 and Arm processors.

Original language	English
Title of host publication	EuroSys '19
Subtitle of host publication	Proceedings of the Fourteenth EuroSys Conference 2019
Publisher	Association for Computing Machinery (ACM)
Pages	1-17
Number of pages	17
ISBN (Electronic)	9781450362818
DOIs	https://doi.org/10.1145/3302424.3303976
Publication status	Published - 25 Mar 2019
Event	14th European Conference on Computer Systems (EuroSys 2019) - Dresden, Germany Duration: 25 Mar 2019 → 28 Mar 2019

Conference

Conference	14th European Conference on Computer Systems (EuroSys 2019)
Country/Territory	Germany
City	Dresden
Period	25/03/19 → 28/03/19

Keywords

timing channels
covert channels
temporal isolation
time protection
microkernels
security
confidentiality
seL4
Timing channels
Security
Time protection
Temporal isolation
Covert channels
Confidentiality
SeL4
Microkernels

ASJC Scopus subject areas

Electrical and Electronic Engineering
Hardware and Architecture

Access to Document

10.1145/3302424.3303976Licence: None: All rights reserved

Qian_Ge_et_al_Time_protection_EuroSys_'19_2019Accepted author manuscript, 1.11 MBLicence: None: All rights reserved

https://dl.acm.org/citation.cfm?id=3303976Licence: None: All rights reserved

Cite this

@inproceedings{523224c9cf604f1fb1687984a96aac3f,

title = "Time protection: the missing OS abstraction",

abstract = "Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection, the temporal equivalent of the established memory protection, for isolating security domains. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate efficacy and cost on x86 and Arm processors.",

keywords = "timing channels, covert channels, temporal isolation, time protection, microkernels, security, confidentiality, seL4, Timing channels, Security, Time protection, Temporal isolation, Covert channels, Confidentiality, SeL4, Microkernels",

author = "Qian Ge and Yuval Yarom and Tom Chothia and Gernot Heiser",

year = "2019",

month = mar,

day = "25",

doi = "10.1145/3302424.3303976",

language = "English",

pages = "1--17",

booktitle = "EuroSys '19",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "14th European Conference on Computer Systems (EuroSys 2019) ; Conference date: 25-03-2019 Through 28-03-2019",

}

TY - GEN

T1 - Time protection

T2 - 14th European Conference on Computer Systems (EuroSys 2019)

AU - Ge, Qian

AU - Yarom, Yuval

AU - Chothia, Tom

AU - Heiser, Gernot

PY - 2019/3/25

Y1 - 2019/3/25

N2 - Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection, the temporal equivalent of the established memory protection, for isolating security domains. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate efficacy and cost on x86 and Arm processors.

AB - Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection, the temporal equivalent of the established memory protection, for isolating security domains. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate efficacy and cost on x86 and Arm processors.

KW - timing channels

KW - covert channels

KW - temporal isolation

KW - time protection

KW - microkernels

KW - security

KW - confidentiality

KW - seL4

KW - Timing channels

KW - Security

KW - Time protection

KW - Temporal isolation

KW - Covert channels

KW - Confidentiality

KW - SeL4

KW - Microkernels

UR - http://www.scopus.com/inward/record.url?scp=85063882835&partnerID=8YFLogxK

U2 - 10.1145/3302424.3303976

DO - 10.1145/3302424.3303976

M3 - Conference contribution

SP - 1

EP - 17

BT - EuroSys '19

PB - Association for Computing Machinery (ACM)

Y2 - 25 March 2019 through 28 March 2019

ER -

Time protection: the missing OS abstraction

Abstract

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this