MI6: Secure Enclaves in a Speculative Out-of-Order Processor

Recent attacks based on control flow speculation have broken process isolation by exploiting microarchitectural side channels that give indirect access to shared microarchitectural state. Enclaves strengthen the process abstraction to restore isolation guarantees under a specified threat model, which typically includes an untrusted operating system (OS). We propose MI6, an architecture with an aggressive, speculative out-of-order processor capable of providing secure enclaves under a threat model that includes an untrusted OS and an attacker capable of mounting any software attack currently considered practical, including control flow speculation attacks such as Spectre. We accurately model the performance impact of enclaves in MI6 through FPGA emulation on AWS F1 FPGAs by running SPEC CINT2006 benchmarks on top of an untrusted Linux OS. Security comes at the cost of a 9.9% average slowdown for protected programs and a 7.4% average slowdown for unprotected programs. The hardware area overhead of MI6 is 2.3% for a core, not including an FPU, cache SRAMs, or a Last Level Cache (LLC) slice. This open architecture and its study are the first step towards an open-source implementation of secure enclaves in an out-of-order machine that will be auditable by the architecture and the