We present Citadel, which is, to our knowledge, the first enclave platform with strong microarchitectural isolation that runs realistic secure programs on a speculative out-of-order multicore processor. First, we develop a new hardware mechanism that enables secure shared memory while defending against transient execution attacks by blocking speculative accesses to shared memory. Then, we develop an efficient dynamic cache partitioning scheme that improves the performance of both enclaves and unprotected processes. We conduct an in-depth security analysis and a performance evaluation of our new mechanisms. Finally, we build the hardware and software infrastructure required to run our secure enclaves. Our multicore processor runs on an FPGA and boots untrusted Linux, from which users can securely launch and interact with enclaves. We open-source our end-to-end hardware and software infrastructure, hoping to spark more research and bridge the gap between conceptual proposals and FPGA prototypes.