  • Preprint Citadel: Enclaves with Strong Microarchitectural Isolation and Secure Shared Memory on a Speculative Out-of-Order Processor.
    Jules Drean, Miguel Gomez-Garcia, Fisher Jepsen, Thomas Bourgeat, Srinivas Devadas [arXiv]

  • ISCA2022 There’s Always a Bigger Fish: A Clarifying Analysis of a Machine-Learning-Assisted Side-Channel Attack.
    Jack Cook, Jules Drean, Jonathan Behrens, Mengjia Yan

  • ASPLOS2022 DAGguise: Mitigating Memory Timing Side Channels.
    Peter W. Deutsch, Yuheng Yang, Thomas Bourgeat, Jules Drean, Joel Emer, Mengjia Yan [pdf]

  • MICRO2020 CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches.
    Thomas Bourgeat*, Jules Drean*, Yuheng Yang, Lillian Tsai, Joel Emer, Mengjia Yan (*co-first authors) [pdf]

  • DATE2019 Sanctorum: A lightweight security monitor for secure enclaves.
    Ilia Lebedev, Kyle Hogan, Jules Drean, David Kohlbrenner, Dayeol Lee, Krste Asanović, Dawn Song, Srinivas Devadas [pdf][code]

  • IROS2019 Benchmarking and workload analysis of robot dynamics algorithms.
    Sabrina M Neuman, Twan Koolen, Jules Drean, Jason E Miller, Srinivas Devadas [pdf] [code]

Current Projects

Citadel: Enclaves with Microarchitectural Isolation and Secure Shared Memory on a Speculative Out-of-Order Processor.

Enclaves or Trusted Execution Environments are trusted-hardware primitives that make it possible to isolate and protect a sensitive program from an untrusted operating system. Unfortunately, almost all existing enclave platforms are vulnerable to microarchitectural side channels and transient execution attacks, and the one academic proposal that is not does not allow programs to interact with the outside world. We present Citadel, to our knowledge the first enclave platform with microarchitectural isolation to run realistic secure programs on a speculative out-of-order multicore processor. We show how to leverage hardware/software co-design to enable shared memory between an enclave and an untrusted operating system while preventing speculative transmitters between the enclave and a potential adversary. We then evaluate our secure baseline and present further mechanisms to achieve reasonable performance for out-of-the-box programs. Our multicore processor runs on an FPGA and boots untrusted Linux, from which users can securely launch and interact with enclaves. To demonstrate our platform's capabilities, we run a private inference enclave that embeds a small neural network trained on MNIST. A remote user can remotely attest the enclave's integrity, perform key exchange and send encrypted input for secure evaluation. We open-source our end-to-end hardware and software infrastructure, hoping to spark more research and bridge the gap between conceptual proposals and FPGA prototypes.

Fine-Grained Light-Weight Isolation Primitives

Modern systems lack meaningful abstractions for security domains. At the moment, only processes are potentially isolated from one another at an architectural level (some part of a process's memory might be private). This abstraction is not only broken by micro-architectural side channels but is also greatly limited. Modern software imports untrusted libraries, calls into legacy code and executes content from different security domains. The current solution, as in modern web browsers, has been to place each of these security domains in a different process. Nevertheless, we believe the existence of alternative isolation abstractions and hardware primitives to enforce them could change the way we isolate and secure software. We've been looking at building these new primitives to enable secure isolation of libraries, functions and other fine-grained security domains.


Jules Drean

Office 32-G890


Copyright (c) 2022 Jules Drean