RollingCache: Using Runtime Behavior to Defend Against Cache Side Channel Attacks

Abstract: Shared caches are vulnerable to side channel attacks through contention in cache sets. Besides being a simple source of information leak, these side channels form useful gadgets for more sophisticated attacks that compromise the security of shared systems. The fundamental design aspect that contention attacks exploit is the deterministic nature of the set of addresses contending for a cache set. In this paper, we present RollingCache, a cache design that defends against contention attacks by dynamically changing the set of addresses contending for cache sets. Unlike prior defenses, RollingCache does not rely on address encryption/decryption, data relocation, or cache partitioning. We use one level of indirection to implement dynamic mapping controlled by the whole-cache runtime behavior. Our solution does not depend on having defined security domains, and can defend against an attacker running on the same or another core. We evaluate RollingCache on ChampSim using the SPEC-2017 benchmark suite. Our security evaluation shows that our dynamic mapping removes the deterministic ability to identify the source of contention. The performance evaluation shows an impact of 1.67\% over a mix of workloads, with a corresponding