Skip to main content

Time protection: The missing OS abstraction

Authors

Qian Ge, Yuval Yarom, Tom Chothia and Gernot Heiser

Data61, CSIRO, Australia
UNSW, Australia

Published:

https://arxiv.org/pdf/1810.05345.pdf

Abstract

Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors.

BibTeX Entry

  @article{Ge_YCH_18_1,
    noformat         = {pdf},
    title            = {Time Protection: the Missing {OS} Abstraction},
    superseded_by    = {Ge_YCH_19},
    journal          = {{arXiv} preprint arXiv:1810.05345},
    author           = {Ge, Qian and Yarom, Yuval and Chothia, Tom and Heiser, Gernot},
    month            = oct,
    noauth           = {ge003:yar020::hei070},
    year             = {2018},
    howpublished     = {\url{https://arxiv.org/pdf/1810.05345.pdf}},
    nowebtags        = {data61, timingchannels, sel4, ts}
  }

Download