Aug 24 – 28, 2020
US/Pacific timezone

BoF: ASI: Efficiently Mitigating Speculative Execution Attacks with Address Space Isolation

Aug 26, 2020, 9:00 AM
45m
BOF1/Virtual-Room (LPC Virtual)

Birds of a Feather (BoF) BOFs Session

Speaker

Ofir Weisse (Google)

Description

Speculative execution attacks, such as L1TF, MDS, and LVI, pose a significant security risk to hypervisors and VMs. A complete mitigation for these attacks requires very frequent flushing of buffers (e.g., the L1D cache) and halting of sibling cores. The performance cost of such mitigations is unacceptable in realistic scenarios. We are developing a high-performance security-enhancing mechanism to defeat speculative attacks, which we dub Address Space Isolation (ASI). In essence, ASI is an alternative way to manage virtual memory for hypervisors, providing very strong security guarantees at a minimal performance cost. In the talk, we will discuss the motivation for this technique as well as our initial results.

Primary author

Ofir Weisse (Google)
