QUARANTINE: Mitigating Transient Execution Attacks with Physical Domain Isolation

Mathé Hertogh, Manuel Wiesinger, Sebastian Österlund, Marius Muench, Nadav Amit, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Since the Spectre and Meltdown disclosure in 2018, the list of new transient execution vulnerabilities that abuse the shared nature of microarchitectural resources on CPU cores has been growing rapidly. In response, vendors keep deploying “spot” (per-variant) mitigations, which have become increasingly costly when combined against all the attacks-especially on older-generation processors. Indeed, some are so expensive that system administrators may not deploy them at all. Worse still, spot mitigations can only address known (N-day) attacks as they do not tackle the underlying problem: different security domains that run simultaneously on the same physical CPU cores and share their microarchitectural resources. In this paper, we proposeQuarantine, a principled, softwareonly approach to mitigate transient execution attacks by eliminating sharing of microarchitectural resources.Quarantine decouples privileged and unprivileged execution and physically isolates different security domains on different CPU cores. We applyQuarantine to the Linux/KVM boundary and show it offers the system and its users blanket protection against malicous VMs and (unikernel) applications.Quarantine mitigates 24 out of the 27 known transient execution attacks on Intel CPUs and provides strong security guarantees against future attacks. On LMbench,Quarantine incurs a geomean overhead of 11.2%, much lower than the default configuration of spot mitigations on Linux distros such as Ubuntu (even though the spot mitigations offer only partial protection).

Original languageEnglish
Title of host publicationRAID '23
Subtitle of host publicationProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses
PublisherAssociation for Computing Machinery
Pages207-221
Number of pages15
ISBN (Electronic)9798400707650
DOIs
Publication statusPublished - Oct 2023
Event26th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2023 - Hong Kong, China
Duration: 16 Oct 202318 Oct 2023

Publication series

NameACM International Conference Proceeding Series

Conference

Conference26th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2023
Country/TerritoryChina
CityHong Kong
Period16/10/2318/10/23

Bibliographical note

Funding Information:
We thank the anonymous reviewers for their feedback. This work was supported by Intel Corporation through the “Allocamelus” project, the Dutch Science Organization (NWO) through project “Intersect”, and VMWare through an “Early Career Faculty” award. SBA Research (SBA-K1) funded this work within the framework of COMET–Competence Centers for Excellent Technologies by the Austrian Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology (BMK), the Austrian Federal Ministry of Labour and Economy (BMDW), and the federal state of Vienna, managed by the The Austrian Research Promotion Agency (FFG).

Publisher Copyright:
© 2023 Copyright held by the owner/author(s).

Keywords

  • Operating systems
  • Transient execution attacks

Fingerprint

Dive into the research topics of 'QUARANTINE: Mitigating Transient Execution Attacks with Physical Domain Isolation'. Together they form a unique fingerprint.

Cite this