Microarchitectural Side-Channel Mitigations for Serverless Applications
Serverless applications process sensitive information in a multi-tenancy environment, and remain susceptible to cache and timing side-channel attacks. While mitigations exist for native applications, such as crypto, they have not been adapted for serverless applications, which often use dynamically typed languages. We propose an approach to mitigate side channels within language runtimes, which relies on applying constant-time transformations and oblivious RAM techniques at different stages within the runtime pipeline. We are developing a tool, Scooti, which demonstrates the feasibility of this approach within the JavaScript engine, V8. We will formally prove the guarantees and empirically evaluate the performance and security properties of Scooti.
Attached files:
prisc24-paper10 (1).pdf | 398KiB
Slides (prisc_scooti.pdf) | 2.55MiB
Sat 20 Jan (displayed time zone: London)
Session 11:00 - 12:30
Time | Duration | Type | Title | Track | Speakers
11:00 | 22m | Talk | Microarchitectural Side-Channel Mitigations for Serverless Applications | PriSC |
11:22 | 22m | Talk | Lifting Compiler Security Properties to Stronger Attackers: the Speculation Case | PriSC | Xaver Fabian (Cispa Helmholtz Center for Information Security), Marco Guarnieri (IMDEA Software Institute), Michael Backes (Cispa Helmholtz Center for Information Security)
11:45 | 22m | Talk | Secure Composition of SPECTRE Mitigations | PriSC | Matthis Kruse (CISPA Helmholtz Center for Information Security), Michael Backes (Cispa Helmholtz Center for Information Security)
12:07 | 22m | Talk | When Obfuscations Preserve Cryptographic Constant-Time | PriSC | Matteo Busi (University Ca' Foscari, Venice), Pierpaolo Degano (University of Pisa and IMT School for Advanced Studies Lucca), Letterio Galletta (IMT School for Advanced Studies Lucca)