Sanctum: Minimal Hardware Extensions for Strong Software Isolation (paper)

2016 · Citations: 350
Security and Verification in Computing; Advanced Malware Detection Techniques; Physical Unclonable Functions (PUFs) and Hardware Security

Abstract

Sanctum offers the same promise as SGX, namely strong provable isolation of software modules running concurrently and sharing resources, but protects against an important class of additional software attacks that infer private information from a program’s memory access patterns. We follow a principled approach to eliminating entire attack surfaces through isolation, rather than plugging attack-specific privacy leaks. Sanctum demonstrates that strong software isolation is achievable with a surprisingly small set of minimally invasive hardware changes, and a very reasonable overhead. Sanctum does not change any major CPU building block. Instead, we add hardware at the interfaces between building blocks, without impacting cycle time. Our prototype shows a 2% area increase in a Rocket RISC-V core. Over a set of benchmarks, Sanctum’s worst observed overhead for isolated execution is 15.1% over an idealized insecure baseline, and 2.7% average overhead over a representative insecure baseline.