MI6: Secure Enclaves in a Speculative Out-of-Order Processor

Recent attacks have broken process isolation through the exploitation of microarchitectural side channels that allow indirect access to shared microarchitectural state. Enclaves aim to strengthen the process abstraction to restore isolation guarantees. We propose MI6, an architecture with an aggressive, speculative out-of-order processor capable of providing secure enclaves under a threat model that includes an untrusted OS and an attacker capable of mounting any software attack currently considered practical, including control flow speculation attacks. MI6 is inspired by Sanctum [1] and extends its isolation guarantee to more realistic memory hierarchies. It also introduces a purge instruction, which is used only when a secure process is scheduled. The semantics of the purge instruction is straightforward but the difficulty of implementing it depends directly on the complexity of the processor microarchitecture. We model the performance impact of enclaves in MI6 through FPGA emulation on AWS F1 FPGAs by running SPEC CINT2006 benchmarks on top of an untrusted Linux OS. Security comes at the cost of approximately 16.4% average slowdown for protected programs, and is slightly smaller for unprotected programs. This open architecture and its study is a first step towards an open-source implementation of secure enclaves in an out-of-order machine that can be audited by the architecture and the security community down to the hardware source code.