Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

BackCache: Mitigating Contention-Based Cache Timing Attacks by Hiding Cache Line Evictions

Quancheng Wang, Xige Zhang, Han Wang, Yuzhe Gu, Ming Tang

TL;DR

BackCache addresses contention-based cache timing attacks on the L1 data cache by introducing a fully associative backup cache that always yields cache hits. It combines hardware enhancements (backup cache, RURP, dynamic resizing) with ISA/OS support (BUCLR) to obscure eviction patterns and prevent attacker inferences. The authors provide security analysis and gem5-based evaluation showing low overheads (kernel: ~2.6%, single-thread SPEC: ~2.7-3.8%, multi-thread: ~3.36%) and modest energy/area increases. The approach preserves cache utility while enhancing confidentiality in shared-cache environments, with practical implications for cryptographic workloads and cloud settings.

Abstract

Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. And L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache with the idea of always achieving cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache can degrade the performance by 2.61%, 2.66%, and 3.36% For OS kernel, single-thread, and multi-thread benchmarks.

BackCache: Mitigating Contention-Based Cache Timing Attacks by Hiding Cache Line Evictions

TL;DR

BackCache addresses contention-based cache timing attacks on the L1 data cache by introducing a fully associative backup cache that always yields cache hits. It combines hardware enhancements (backup cache, RURP, dynamic resizing) with ISA/OS support (BUCLR) to obscure eviction patterns and prevent attacker inferences. The authors provide security analysis and gem5-based evaluation showing low overheads (kernel: ~2.6%, single-thread SPEC: ~2.7-3.8%, multi-thread: ~3.36%) and modest energy/area increases. The approach preserves cache utility while enhancing confidentiality in shared-cache environments, with practical implications for cryptographic workloads and cloud settings.

Abstract

Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. And L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache with the idea of always achieving cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache can degrade the performance by 2.61%, 2.66%, and 3.36% For OS kernel, single-thread, and multi-thread benchmarks.
Paper Structure (21 sections, 2 equations, 13 figures, 6 tables)

This paper contains 21 sections, 2 equations, 13 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Cache Timing Side-Channel Attacks
  4. Existing Mitigation Techniques
  5. Threat Model
  6. Microarchitecture Design
  7. BackCache Architecture
  8. Parallel Cache Access
  9. Random Used Replacement Policy (RURP)
  10. Dynamic Backup Cache Resizing Mechanism
  11. ISA and Software Support
  12. Security Analysis
  13. Experimental Evaluation
  14. Hardware Overhead
  15. Experimental Setup on Gem5
  16. ...and 6 more sections

Figures (13)

  • Figure 1: Contention-based cache timing attack on L1 data cache.
  • Figure 2: A high-level overview of the BackCache and hardware modifications.
  • Figure 3: Pipeline diagram for the L1 data cache and backup cache access.
  • Figure 4: The memory access process of L1 data cache and backup cache.
  • Figure 5: The workflow of random used replacement policy (RURP).
  • ...and 8 more figures