Secure and Scalable TLB Partitioning Against Timing Side-Channel Attacks
摘要
Modern micro-architectural attacks, including cache-based side-channel and speculative execution attacks, have increasingly challenged the security of contemporary processors. Recent studies have revealed that the Translation Lookaside Buffer (TLB) can also serve as a vector for timing-based side-channel and covert channel attacks, exposing sensitive information similarly to cache-based attacks. As TLBs are crucial to both CPUs and GPUs, the prevalence and potential impact of such attacks are likely to increase. However, existing defenses often fail to balance security guarantees with architectural scalability, particularly under realistic multi-process execution environments. To address these limitations, we propose a secure and scalable TLB partitioning architecture that separates entries into secure and non-secure domains. When the secure domain is inactive, its partition can be temporarily repurposed by non-secure processes, improving TLB utilization without weakening security guarantees. We implement our architecture on both Linux and the gem5 simulator, and evaluate its performance using standard benchmarks. Experimental results show that our approach incurs low overhead while improving scalability compared to previous solutions.