Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Random and Safe Cache Architecture to Defeat Cache Timing Attacks

Guangyuan Hu, Ruby B. Lee

TL;DR

This work addresses a long-standing vulnerability in CPU caches: cache timing attacks that span both speculative execution and traditional side-channel channels. It introduces Random and Safe (RaS) cache architectures that decorrelate cache fills from victim memory accesses by using NoFill signaling and a Safe History Buffer (SHB) to marshal safe prefetches, combined with a randomized, constant-rate fill strategy and random replacement. Two prototypes, RaS-Spec and RaS+, demonstrate defensive coverage against speculative and non-speculative attacks, with RaS-Spec achieving an average overhead of $3.8\%$ and RaS+ offering configurable security-performance trade-offs (e.g., $7.9\%$ to $45.2\%$). The approach preserves set-associative cache structure, requires no software-domain partitioning, and shows favorable security and performance compared to prior defenses, while enabling extensions to other storage units like TLBs and instruction caches.

Abstract

Caches have been exploited to leak secret information due to the different times they take to handle memory accesses. Cache timing attacks include non-speculative cache side and covert channel attacks and cache-based speculative execution attacks. We first present a systematic view of the attack and defense space and show that no existing defense has addressed all cache timing attacks, which we do in this paper. We propose Random and Safe (RaS) cache architectures to decorrelate cache state changes from memory requests. RaS fills the cache with ``safe'' cache lines that are likely to be used in the future, rather than with demand-fetched, security-sensitive lines. RaS lifts the restriction on cache fills for accesses that become safe when speculative execution is resolved and authorized. Our RaS-Spec design against cache-based speculative execution attacks has a low 3.8% average performance overhead. RaS+ variants against both speculative and non-speculative attacks have security-performance trade-offs ranging from 7.9% to 45.2% average overhead.

Random and Safe Cache Architecture to Defeat Cache Timing Attacks

TL;DR

This work addresses a long-standing vulnerability in CPU caches: cache timing attacks that span both speculative execution and traditional side-channel channels. It introduces Random and Safe (RaS) cache architectures that decorrelate cache fills from victim memory accesses by using NoFill signaling and a Safe History Buffer (SHB) to marshal safe prefetches, combined with a randomized, constant-rate fill strategy and random replacement. Two prototypes, RaS-Spec and RaS+, demonstrate defensive coverage against speculative and non-speculative attacks, with RaS-Spec achieving an average overhead of and RaS+ offering configurable security-performance trade-offs (e.g., to ). The approach preserves set-associative cache structure, requires no software-domain partitioning, and shows favorable security and performance compared to prior defenses, while enabling extensions to other storage units like TLBs and instruction caches.

Abstract

Caches have been exploited to leak secret information due to the different times they take to handle memory accesses. Cache timing attacks include non-speculative cache side and covert channel attacks and cache-based speculative execution attacks. We first present a systematic view of the attack and defense space and show that no existing defense has addressed all cache timing attacks, which we do in this paper. We propose Random and Safe (RaS) cache architectures to decorrelate cache state changes from memory requests. RaS fills the cache with ``safe'' cache lines that are likely to be used in the future, rather than with demand-fetched, security-sensitive lines. RaS lifts the restriction on cache fills for accesses that become safe when speculative execution is resolved and authorized. Our RaS-Spec design against cache-based speculative execution attacks has a low 3.8% average performance overhead. RaS+ variants against both speculative and non-speculative attacks have security-performance trade-offs ranging from 7.9% to 45.2% average overhead.
Paper Structure (31 sections, 9 figures, 6 tables)

This paper contains 31 sections, 9 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Background: Attacks
  3. Cache Side Channels
  4. Speculative Execution Attacks
  5. Insights on Cache Defenses
  6. Defenses against Speculative Execution Attacks
  7. Defenses against Side-channel Attacks
  8. RaS Architecture
  9. Threat Model
  10. Architecture Overview
  11. Cross-level NoFill Chain and Protection for Writeback
  12. Safe History Buffer
  13. RaS Prototypes: RASspec and RAS+
  14. Minimizing NoFill and NoSpecFill
  15. Security Analysis
  16. ...and 16 more sections

Figures (9)

  • Figure 1: The key operations of a flush-reload Spectre-v1 Attack.
  • Figure 2: The block diagram of Random and Safe (RaS) cache architecture. New units, signals and fields are shown in green.
  • Figure 3: A Safe History Buffer with FIFO-like SHB insertion and random SHB entry selection for SHB fetch. A random cache set (and associated memory line) within the RaS Window that includes the randomly selected SHB address is selected and sent for SHB fetch and filled into the cache.
  • Figure 4: Timeline of speculative loads that are authorized before or after the cache line is returned. Minimization of no-fill MSHRs with the NoFillClear signal enables cache line fills for future cache hits.
  • Figure 5: (a) to (c): The attacker's measurement in a flush-reload Spectre v1 attack. (d) to (e): The attacker's measurement in a prime-probe Spectre v1 attack. The secret value is 30.
  • ...and 4 more figures