Adaptive caches as a defense mechanism against cache side-channel attacks

  • PDF / 1,972,312 Bytes
  • 17 Pages / 595.276 x 790.866 pts Page_size
  • 100 Downloads / 205 Views

DOWNLOAD

REPORT


REGULAR PAPER

Adaptive caches as a defense mechanism against cache side-channel attacks Sahan Bandara1

· Michel A. Kinsy2

Received: 10 April 2020 / Accepted: 7 October 2020 © Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract Side-channel attacks exploit architectural features of computing systems and algorithmic properties of applications executing on these systems to steal sensitive information. Cache side-channel attacks are more powerful and practical compared to other classes of side-channel attacks due to several factors, such as the ability to be mounted without physical access to the system. Some secure cache architectures have been proposed to counter side-channel attacks. However, they all incur significant performance overheads. This work explores the viability of using adaptive caches, which are conventionally used as a performance-oriented architectural feature, as a defense mechanism against cache side-channel attacks. We conduct an empirical analysis, starting from establishing a baseline for the attacker’s ability to infer information regarding the memory accesses of the victim process when there is no active defense mechanism in place and the attacker is fully aware of all the cache parameters. Then, we analyze the effectiveness of the attack without complete knowledge of the cache configuration. Finally, based on the insight that the success of the attack is heavily dependent on knowledge of the cache configuration, we formulate a cache monitoring and user-defined events detection methodology, implement a generalized run-time cache reconfiguration technique, and observe their effect on successfully detecting and mitigating attacks on the cache subsystem. We observe that reconfiguring different cache parameters during a side-channel attack reduces the accuracy of the attack in detecting cache sets accessed by the victim by 44% on average, with a maximum of 90% reduction. Keywords Cache side-channel attack · Attack mitigation · Reconfigurable cache

1 Introduction Most modern processors use caches to overcome the “memory wall”, which is the widening gap between processor speed and memory access speed. While being vital to the performance of a processor, they have also been the target of numerous side-channel attacks. Several recent sidechannel attacks exploit processor caches as the medium that transfers sensitive information from the victim to the

B

Sahan Bandara [email protected] Michel A. Kinsy [email protected] https://ascslab.org/mkinsy/index.html

1

Adaptive and Secure Computing Systems (ASCS) Laboratory Department of Electrical and Computer Engineering, Boston University, Boston, USA

2

Adaptive and Secure Computing Systems (ASCS) Laboratory, Department of Electrical and Computer Engineering, Texas A&M University, College Station, TX, USA

attacker [6,15,16]. Caches are used as the covert channel by most attacks while targeting different architecture features such as speculative execution or out-of-order execution as the point of attack. Caches are very effective as side-ch