Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Systematic Evaluation of Randomized Cache Designs against Cache Occupancy

Anirban Chakraborty, Nimish Mishra, Sayandeep Saha, Sarani Bhattacharya, Debdeep Mukhopadhyay

TL;DR

This work broadens the security assessment of randomized caches by focusing on cache occupancy attacks, a threat often neglected in prior studies that emphasize contention-based attacks. By standardizing benchmarking and evaluating five designs—CEASER, CEASER-S, MIRAGE, ScatterCache, and SassCache—across multiple threat models (covert channels, process fingerprinting, AES key recovery), it shows that occupancy considerations can invert expected security-performance trade-offs. SassCache stands out as the most robust against occupancy attacks due to security-domain isolation, while MIRAGE—though strong against contention—suffers from higher occupancy leakage and enables practical AES key recovery under sufficient occupancy and observations. The findings argue for holistic, occupancy-aware cache design and motivate exploring dynamic partitioning to balance security with performance in modern LLCs.

Abstract

Randomizing the address-to-set mapping and partitioning of the cache has been shown to be an effective mechanism in designing secured caches. Several designs have been proposed on a variety of rationales: (1) randomized design, (2) randomized-and-partitioned design, and (3) psuedo-fully associative design. This work fills in a crucial gap in current literature on randomized caches: currently most randomized cache designs defend only contention-based attacks, and leave out considerations of cache occupancy. We perform a systematic evaluation of 5 randomized cache designs- CEASER, CEASER-S, MIRAGE, Scatter-Cache, and Sass-cache against cache occupancy wrt. both performance as well as security. With respect to performance, we first establish that benchmarking strategies used by contemporary designs are unsuitable for a fair evaluation (because of differing cache configurations, choice of benchmarking suites, additional implementation-specific assumptions). We thus propose a uniform benchmarking strategy, which allows us to perform a fair and comparative analysis across all designs under various replacement policies. Likewise, with respect to security against cache occupancy attacks, we evaluate the cache designs against various threat assumptions: (1) covert channels, (2) process fingerprinting, and (3) AES key recovery (to the best of our knowledge, this work is the first to demonstrate full AES key recovery on a randomized cache design using cache occupancy attack). Our results establish the need to also consider cache occupancy side-channel in randomized cache design considerations.

Systematic Evaluation of Randomized Cache Designs against Cache Occupancy

TL;DR

This work broadens the security assessment of randomized caches by focusing on cache occupancy attacks, a threat often neglected in prior studies that emphasize contention-based attacks. By standardizing benchmarking and evaluating five designs—CEASER, CEASER-S, MIRAGE, ScatterCache, and SassCache—across multiple threat models (covert channels, process fingerprinting, AES key recovery), it shows that occupancy considerations can invert expected security-performance trade-offs. SassCache stands out as the most robust against occupancy attacks due to security-domain isolation, while MIRAGE—though strong against contention—suffers from higher occupancy leakage and enables practical AES key recovery under sufficient occupancy and observations. The findings argue for holistic, occupancy-aware cache design and motivate exploring dynamic partitioning to balance security with performance in modern LLCs.

Abstract

Randomizing the address-to-set mapping and partitioning of the cache has been shown to be an effective mechanism in designing secured caches. Several designs have been proposed on a variety of rationales: (1) randomized design, (2) randomized-and-partitioned design, and (3) psuedo-fully associative design. This work fills in a crucial gap in current literature on randomized caches: currently most randomized cache designs defend only contention-based attacks, and leave out considerations of cache occupancy. We perform a systematic evaluation of 5 randomized cache designs- CEASER, CEASER-S, MIRAGE, Scatter-Cache, and Sass-cache against cache occupancy wrt. both performance as well as security. With respect to performance, we first establish that benchmarking strategies used by contemporary designs are unsuitable for a fair evaluation (because of differing cache configurations, choice of benchmarking suites, additional implementation-specific assumptions). We thus propose a uniform benchmarking strategy, which allows us to perform a fair and comparative analysis across all designs under various replacement policies. Likewise, with respect to security against cache occupancy attacks, we evaluate the cache designs against various threat assumptions: (1) covert channels, (2) process fingerprinting, and (3) AES key recovery (to the best of our knowledge, this work is the first to demonstrate full AES key recovery on a randomized cache design using cache occupancy attack). Our results establish the need to also consider cache occupancy side-channel in randomized cache design considerations.
Paper Structure (31 sections, 1 equation, 22 figures, 3 tables, 1 algorithm)

This paper contains 31 sections, 1 equation, 22 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Motivation
  3. Contribution
  4. Background
  5. Traditional Cache Designs
  6. Secured Cache Designs
  7. Randomized Caches
  8. Randomization and Partitioning
  9. Pseudo Fully Associative Caches
  10. Attacks on Secured Caches
  11. Performance Analysis of Randomized Cache Designs under Spurious Occupancy
  12. Contemporary Benchmarking Strategy
  13. Assumptions on Distribution of Memory Accesses across Benchmark Lifetime
  14. Benchmarking under Spurious Occupancy
  15. Effect of Replacement Policies
  16. ...and 16 more sections

Figures (22)

  • Figure 1: CEASER - randomized using block cipher
  • Figure 2: CEASER-S - Randomized-partitioned with two keys
  • Figure 3: ScatterCache - randomized and skewed.
  • Figure 4: MIRAGE - pseudo fully associative cache.
  • Figure 5: Performance evaluation of considered cache designs with RandomRP replacement policy (normalized against baseline set-associative, and expressed as a $\%$). Performance statistics are averaged over $300$ copies of SPEC2017 runs.
  • ...and 17 more figures