On The Effect of Replacement Policies on The Security of Randomized Cache Architectures (2312.06235v1)
Abstract: Randomizing the mapping of addresses to cache entries has proven to be an effective technique for hardening caches against contention-based attacks like Prime+Probe. While attacks and defenses are still evolving, it is clear that randomized caches significantly increase the security against such attacks. However, one aspect that is missing from most analyses of randomized cache architectures is the choice of the replacement policy. Often, only the random and LRU replacement policies are investigated. However, LRU is not applicable to randomized caches due to its immense hardware overhead, while the random replacement policy is not ideal from a performance and security perspective. In this paper, we explore replacement policies for randomized caches. We develop two new replacement policies and evaluate a total of five replacement policies regarding their security against Prime+Prune+Probe attackers. Moreover, we analyze the effect of the replacement policy on the system's performance and quantify the introduced hardware overhead. We implement randomized caches with configurable replacement policies in software and hardware using a custom cache simulator, gem5, and the CV32E40P RISC-V core. Among others, we show that the construction of eviction sets with our new policy, VARP-64, requires over 25 times more cache accesses than with the random replacement policy while also enhancing overall performance.
Authors:
- Moritz Peters
- Nicolas Gaudin
- Jan Philipp Thoma
- Vianney Lapôtre
- Pascal Cotret
- Guy Gogniat
- Tim Güneysu