International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 16 June 2015

Victor Costan, Ilia Lebedev, Srinivas Devadas
ePrint Report ePrint Report
Sanctum is a set of minimal extensions to a standard RISC architecture that offers strong provable isolation of software modules running concurrently and sharing resources. Sanctum is similar to

SGX in its API, but protects against an important class of additional software attacks, including cache timing and memory access pattern attacks. It does so via a principled approach to eliminating entire attack surfaces through isolation rather than plugging attack-specific privacy leaks.

Sanctum\'s hardware changes over a standard RISC architecture do not impact the cycle time, as they do not extend critical execution paths. Sanctum does not change any major CPU building block (e.g., ALU, MMU, cache), and only requires additional hardware at the interfaces between these building blocks corresponding to less than two percent chip area overhead. Over a set of benchmarks, Sanctum\'s worst observed overhead for isolated execution is 14.6% over an idealized insecure baseline.

Expand

Additional news items may be found on the IACR news page.