Time protection: the missing OS abstraction
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
Authors
Colleges, School and Institutes
External organisations
- Data61 CSIRO
- The University of Adelaide
- University of New South Wales (UNSW)
Abstract
Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection, the temporal equivalent of the established memory protection, for isolating security domains. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate efficacy and cost on x86 and Arm processors.
Details
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the Fourteenth EuroSys Conference 2019 (EuroSys '19) |
| Publication status | Published - 25 Mar 2019 |
| Event | 14th European Conference on Computer Systems (EuroSys 2019) - Dresden, Germany Duration: 25 Mar 2019 → 28 Mar 2019 |
Conference
| Conference | 14th European Conference on Computer Systems (EuroSys 2019) |
|---|---|
| Country | Germany |
| City | Dresden |
| Period | 25/03/19 → 28/03/19 |
Keywords
- timing channels, covert channels, temporal isolation, time protection, microkernels, security, confidentiality, seL4