24-28 August 2020
US/Pacific timezone

BoF: ASI: Efficiently Mitigating Speculative Execution Attacks with Address Space Isolation

26 Aug 2020, 09:00
45m
BOF1/Virtual-Room (LPC 2020)

Birds of a Feather (BoF) BOFs Session

Speaker

Ofir Weisse (Google)

Description

Speculative execution attacks, such as L1TF, MDS, and LVI, pose a significant security risk to hypervisors and VMs. A complete mitigation for these attacks requires very frequent flushing of buffers (e.g., L1D cache) and halting of sibling cores. The performance cost of such mitigations is unacceptable in realistic scenarios. We are developing a high-performance security-enhancing mechanism to defeat speculative attacks, which we dub Address Space Isolation (ASI). In essence, ASI is an alternative way to manage virtual memory for hypervisors, providing very strong security guarantees at a minimal performance cost. In the talk, we will discuss the motivation for this technique as well as the initial results we have.

Primary author

Ofir Weisse (Google)
