ASM: An Adaptive Secure Multicore for Co-located Mutually Distrusting Processes

With the ever-increasing virtualization of hardware, the privacy of user-sensitive data is a fundamental concern in computation outsourcing. Secure processors enable a trusted execution environment to guarantee security properties based on the principles of isolation. However, the shared hardware resources within the microarchitecture are increasingly being used by co-located adversarial software to create timing-based side-channel attacks. State-of-the-art secure processors implement the \emph{strong isolation} primitive to enable non-interference for shared hardware, but suffer from frequent state purging and resource utilization overheads, leading to degraded performance. This paper proposes \textsf{ASM}, an adaptive secure multicore architecture that enables a reconfigurable, yet strongly isolated execution environment. For security-critical processes, the proposed security kernel and hardware extensions allow a given process to either execute using all available cores, or co-execute multiple processes on strongly isolated clusters of cores. This spatio-temporal execution environment is configured based on resource demands of processes, such that the secure processor mitigates state purging overheads and maximizes hardware resource utilization.