gsilvis / silvos

half-baked Silvis OS kernel
MIT License

Poor userspace isolation: CPU cache #8

Open allanlw opened 7 years ago

allanlw commented 7 years ago

Not only does Silvos not well-isolate userspace processes from each other, it also does not well-isolate kernel space from userspace.

In particular, with Silvos it is possible for user space programs to gain vital information about other processes and even the kernel itself through cache side channel attacks.

Some possible approaches to solutions include:

  1. Let applications request that when they are unscheduled the cache is forcefully flushed.
  2. Let applications request periods of schedule in which they cannot be pre-empted.
  3. Let applications request specific pages that should never be put into cache (e.g. are uncachable in the page table and their page table entries are uncachable) for sensitive operations. We reference the Intel 64 Software Developer's Manual Volume 3A - Section 11.12 Page Attribute Table: http://www.intel.com/Assets/en_US/PDF/manual/253668.pdf
  4. Let applications request specific pages that are always cached. We reference the literature for a pre-existing approach: https://taesoo.gtisc.gatech.edu/pubs/2012/kim:stealthmem.pdf

Because none of these are available I do not feel comfortable doing my RSA computations inside a silvos userland.
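
The leak and two of the proposed mitigations, worked through as an added example (this is not Silvos code and not the commenter's): a toy model of a direct-mapped cache shared by a victim and an attacker that time-share one core. The victim performs one secret-indexed table lookup, the attacker runs prime+probe across it, and the kernel-side knobs model approach 1 (flush the cache when the victim is descheduled) and approach 3 (map the victim's table uncacheable, which on x86 is what the PTE's PCD/PWT/PAT bits select). Cache geometry, the addresses `VICTIM_TABLE` and `ATTACKER_PROBE`, and the sample secret are all constructed for the model.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of a direct-mapped, 64-set, 64-byte-line cache shared by two
 * processes that time-share one core. Addresses are illustrative only. */
#define NSETS 64
#define LINE  64
#define VICTIM_TABLE   0x10000UL   /* hypothetical: victim's secret-indexed lookup table */
#define ATTACKER_PROBE 0x20000UL   /* hypothetical: attacker's eviction buffer */

typedef struct {
    int valid[NSETS];
    unsigned long tag[NSETS];
} cache_t;

static int set_of(unsigned long addr) { return (int)((addr / LINE) % NSETS); }
static unsigned long tag_of(unsigned long addr) { return addr / LINE; }

/* Touch one address. Returns 1 on hit, 0 on miss. An "uncacheable" access
 * (standing in for a PTE whose PCD/PWT/PAT bits select UC) bypasses the cache
 * entirely, so it neither hits nor evicts anything. */
static int cache_access(cache_t *c, unsigned long addr, int uncacheable) {
    if (uncacheable) return 0;
    int s = set_of(addr);
    unsigned long t = tag_of(addr);
    if (c->valid[s] && c->tag[s] == t) return 1;
    c->valid[s] = 1;
    c->tag[s] = t;                     /* miss: the line fills, evicting the old occupant */
    return 0;
}

static void cache_flush(cache_t *c) { memset(c->valid, 0, sizeof c->valid); }

/* Victim: one secret-dependent table lookup, the access pattern of a T-table
 * AES or a sliding-window RSA with a precomputed multiplier table. */
static void victim_step(cache_t *c, int secret, int table_uncacheable) {
    cache_access(c, VICTIM_TABLE + (unsigned long)secret * LINE, table_uncacheable);
}

/* Attacker, prime phase: fill every set with a line of its own. */
static void attacker_prime(cache_t *c) {
    for (int i = 0; i < NSETS; i++)
        cache_access(c, ATTACKER_PROBE + (unsigned long)i * LINE, 0);
}

/* Attacker, probe phase: re-touch each line; a miss means the victim used that set.
 * Returns the recovered index if exactly one set was disturbed, else -1 (no signal). */
static int attacker_probe(cache_t *c) {
    int misses = 0, guess = -1;
    for (int i = 0; i < NSETS; i++) {
        if (!cache_access(c, ATTACKER_PROBE + (unsigned long)i * LINE, 0)) {
            misses++;
            guess = i;
        }
    }
    return misses == 1 ? guess : -1;
}

/* One scheduling round: attacker primes, victim runs, attacker probes.
 * flush_on_unschedule models approach 1 (the kernel flushes when the victim is
 * switched out); table_uncacheable models approach 3 (victim's table mapped UC).
 * secret must be in 0..NSETS-1 for the model. */
int run_attack(int secret, int flush_on_unschedule, int table_uncacheable) {
    cache_t c;
    memset(&c, 0, sizeof c);

    attacker_prime(&c);                          /* attacker's timeslice */
    victim_step(&c, secret, table_uncacheable);  /* victim's timeslice */
    if (flush_on_unschedule)
        cache_flush(&c);                         /* kernel, on descheduling the victim */
    return attacker_probe(&c);                   /* attacker's next timeslice */
}

int main(void) {
    int secret = 37;  /* constructed sample secret, 0..63 */
    printf("unmitigated:          recovered %d\n", run_attack(secret, 0, 0));
    printf("flush on unschedule:  recovered %d\n", run_attack(secret, 1, 0));
    printf("table uncacheable:    recovered %d\n", run_attack(secret, 0, 1));
    return 0;
}
```

Unmitigated, the probe sees exactly one evicted set and reads the secret straight off it. With a flush on deschedule every probe line misses, and with the table mapped uncacheable every probe line hits; either way the attacker gets no single disturbed set. The model only covers the time-sharing case the issue describes: a flush on context switch does nothing against an attacker on a sibling hyperthread or another core observing a shared cache while the victim is still running, and mapping the table UC trades the leak for a large slowdown on every access to it.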

allanlw commented 7 years ago

I think it's a bit passive aggressive (to say the least) to mark this as "wontfix" and leave no comment.

I do not agree that this is an "enhancement". It is a fundamental flaw in the userspace implementation of silvos.

allanlw commented 7 years ago

Here is a good new paper on this which suggests it is impossible: https://arxiv.org/abs/1612.04474