PCG: Mitigating Conflict-based Cache Side-channel Attacks with Prefetching
Fang Jiang, Fei Tong, Hongyu Wang, Xiaoyu Cheng, Zhe Zhou, Ming Ling, Yuxing Mao
TL;DR
This work targets conflict-based cache side-channel attacks by introducing PCG, a prefetching-based defense that both injects noise and reduces victim-related cache footprints. It combines an Attack Aware Module (AAM) and an Observation Confused Module (OCM) to detect suspicious cache-set activity and orchestrate eviction-aware prefetching, respectively. Through gem5 simulations and BOOMv3 RTL validation, PCG demonstrates stronger security than prior prefetch-based schemes (PREFENDER, DP) and achieves a SPEC17 IPC improvement of about 1.64% with only ~1.26% hardware overhead on average. The results indicate PCG is a practical, low-overhead defense suitable for integration with existing prefetchers, offering improved resilience against repeated and enhanced attacks in contemporary microarchitectures.
Abstract
To defend against conflict-based cache side-channel attacks, cache partitioning or remapping techniques were proposed to prevent set conflicts between different security domains or obfuscate the locations of such conflicts. But such techniques complicate cache design and may result in significant performance penalties. Therefore, lightweight prefetching-based schemes have been proposed that introduce noise to confuse attackers' observations. However, we have validated experimentally that relying on prefetching only to introduce noise is insufficient, as attackers can still reliably distinguish the victim's cache accesses. This paper proposes a novel prefetching-based scheme, called PCG. It combines adding victim-irrelevant cache occupancy changes with reducing victim-relevant cache occupancy changes, disrupting attackers by generating noisy and indistinguishable cache access patterns. Additionally, PCG can either work independently or be seamlessly integrated with most commonly used prefetchers. We have implemented and evaluated PCG in both gem5 and the open-source RISC-V core BOOMv3. The evaluation results show that PCG's security is robust and superior to that of existing solutions, without significant performance degradation. According to the evaluation based on the SPEC CPU 2017 benchmark suite, PCG even shows an average performance improvement of about 1.64%. Moreover, it incurs only 1.26% overhead in hardware resource consumption.
