Table of Contents
Fetching ...

Fast Selective Flushing to Mitigate Contention-based Cache Timing Attacks

Tuo Li, Sri Parameswaran

TL;DR

This paper proposes for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FASE), utilizing an ISA extension and cache modification, which provides a mitigation method with a similar effect to methods using naive flush.

Abstract

Caches are widely used to improve performance in modern processors. By carefully evicting cache lines and identifying cache hit/miss time, contention-based cache timing channel attacks can be orchestrated to leak information from the victim process. Existing hardware countermeasures explored cache partitioning and randomization, are either costly, not applicable for the L1 data cache, or are vulnerable to sophisticated attacks. Countermeasures using cache flush exist but are slow since all cache lines have to be evacuated during a cache flush. In this paper, we propose for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FaSe). By utilizing an ISA extension (one flush instruction) and cache modification (additional state bits and control logic), FaSe selectively flushes cache lines and provides a mitigation method with a similar effect to existing methods using naive flushing methods. FaSe is implemented on RISC-V Rocket Core/Chip and evaluated on Xilinx FPGA running user programs and the Linux operating system. Our experimental results show that FaSe reduces time overhead significantly by 36% for user programs and 42% for the operating system compared to the methods with naive flushing, with less than 1% hardware overhead. Our security test shows FaSe is capable of mitigating target cache timing attacks.

Fast Selective Flushing to Mitigate Contention-based Cache Timing Attacks

TL;DR

This paper proposes for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FASE), utilizing an ISA extension and cache modification, which provides a mitigation method with a similar effect to methods using naive flush.

Abstract

Caches are widely used to improve performance in modern processors. By carefully evicting cache lines and identifying cache hit/miss time, contention-based cache timing channel attacks can be orchestrated to leak information from the victim process. Existing hardware countermeasures explored cache partitioning and randomization, are either costly, not applicable for the L1 data cache, or are vulnerable to sophisticated attacks. Countermeasures using cache flush exist but are slow since all cache lines have to be evacuated during a cache flush. In this paper, we propose for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FaSe). By utilizing an ISA extension (one flush instruction) and cache modification (additional state bits and control logic), FaSe selectively flushes cache lines and provides a mitigation method with a similar effect to existing methods using naive flushing methods. FaSe is implemented on RISC-V Rocket Core/Chip and evaluated on Xilinx FPGA running user programs and the Linux operating system. Our experimental results show that FaSe reduces time overhead significantly by 36% for user programs and 42% for the operating system compared to the methods with naive flushing, with less than 1% hardware overhead. Our security test shows FaSe is capable of mitigating target cache timing attacks.
Paper Structure (10 sections, 10 figures, 2 tables)

This paper contains 10 sections, 10 figures, 2 tables.

Figures (10)

  • Figure 1: Abstract view of a Prime+Probe attack. The blocks in dark grey represent the cache lines utilized by victim. si: Cache Set i. wi: Cache Way i.
  • Figure 2: Brief illustration of FaSe's key idea.
  • Figure 3: FaSe system overview.
  • Figure 4: FaSe cache's tag array.
  • Figure 5: LLSF flush mechanism. EoC: end of cache lines.
  • ...and 5 more figures