The Avatar Cache: Enabling On-Demand Security with Morphable Cache Architecture

TL;DR

Avatar addresses the need for practical LLC security by introducing a morphable LLC with three modes: Avatar-N (non-secure), Avatar-R (randomized secure), and Avatar-P (partitioned secure). Avatar-R uses two high-associativity skews with implicit tag-data indirection and global random eviction to provide strong protection against conflict-based attacks with minimal capacity loss, achieving negligible SAE risk up to $10^{30}$ years. Avatar-P mitigates occupancy-based attacks through way-based partitioning, enabling scalable isolation across many domains with only modest performance overhead (about 3–4% in typical workloads). The design preserves conventional LLC interfaces for industrial adoption, incurs roughly 1.5% storage overhead and ~2.7% static power increase, and supports on-demand switching with controlled mode transitions and LLC flushes, enabling practical deployment in cloud and TEEs.

Abstract

The sharing of the last-level cache (LLC) among multiple cores makes it vulnerable to cross-core conflict- and occupancy-based attacks. Despite extensive prior work, modern processors still employ non-secure set-associative LLCs. Existing secure LLC designs broadly fall into two categories: (i) randomized and (ii) partitioned. The state-of-the-art randomized design, Mirage, mitigates conflict-based attacks but incurs significant area overhead (20% additional storage) and design complexity. Partitioned LLCs mitigate both conflict- and occupancy-based attacks, but often suffer from large performance overheads (on average over 5% and up to 49%), require OS support in set-based schemes, or face scalability issues in way-based schemes. These factors pose major obstacles to the industrial adoption of secure LLCs. This paper asks whether strong LLC security can be achieved with minimal changes to a conventional set-associative LLC, enabling security only when needed while preserving low performance, power, and area overheads. We propose Avatar, a secure and morphable LLC that supports three modes: non-secure (Avatar-N), randomized secure (Avatar-R), and partitioned secure (Avatar-P), and can switch dynamically between them. Avatar closely resembles a conventional set-associative LLC, facilitating industrial adoption. Avatar-R introduces extra invalid entries and leverages high associativity to provide a strong security guarantee with little capacity loss, achieving only one set-associative eviction per $10^{30}$ years, while incurring 1.5% storage overhead, a 2.7% increase in static power, and a 0.2% slowdown over a 16~MB baseline. Avatar-P mitigates both conflict- and occupancy-based attacks with only a 3% performance overhead, substantially outperforming prior way-based partitioned LLCs. When security is unnecessary, Avatar switches to Avatar-N to maximize performance and energy efficiency.

Figures (13)

• Figure 1: Overview of the Avatar LLC design with all its operating modes. RF is the randomizing function implemented using a block cipher.
• Figure 2: The morphing of sets and ways between the different modes in Avatar.
• Figure 3: Tag bits in each of the possible modes of operation for Avatar. SDID is the secure domain ID and RRIP are the re-reference interval prediction Jain2017HawkeyeL replacement policy priority bits.
• Figure 4: An overview of the steps involved in switching modes in Avatar. Note that this is just one possible example and the system can switch from any mode to any other mode.
• Figure 5: Performance degradation with varying ${T_{ON}}$ between two consecutive mode switches (for SPEC CPU2017).