research-article

Public Access

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Atacks

Authors:

Bhargava Gopireddy,

Josep TorrellasAuthors Info & Claims

ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture

Pages 347 - 360

https://doi.org/10.1145/3079856.3080222

Published: 24 June 2017 Publication History

Abstract

In cache-based side channel attacks, a spy that shares a cache with a victim probes cache locations to extract information on the victim's access patterns. For example, in evict+reload, the spy repeatedly evicts and then reloads a probe address, checking if the victim has accessed the address in between the two operations. While there are many proposals to combat these cache attacks, they all have limitations: they either hurt performance, require programmer intervention, or can only defend against some types of attacks.

This paper makes the following observation for an environment with an inclusive cache hierarchy: when the spy evicts the probe address from the shared cache, the address will also be evicted from the private cache of the victim process, creating an inclusion victim. Consequently, to disable cache attacks, this paper proposes to alter the line replacement algorithm of the shared cache, to prevent a process from creating inclusion victims in the caches of cores running other processes. By enforcing this rule, the spy cannot evict the probe address from the shared cache and, hence, cannot glimpse any information on the victim's access patterns. We call our proposal SHARP (Secure Hierarchy-Aware cache Replacement Policy). SHARP efficiently defends against all existing cross-core shared-cache attacks, needs only minimal hardware modifications, and requires no code modifications. We implement SHARP in a cycle-level full-system simulator. We show that it protects against real-world attacks, and that it introduces negligible average performance degradation.

References

[1]

Onur Aciiçmez, çetin K. Koç, and Jean P. Seifert. 2006. Predicting secret keys via branch prediction. In Proceedings of the 7th Cryptographers' Track at the RSA Conference on Topics in Cryptology. Springer-Verlag, Berlin, Heidelberg, 225--242.

Digital Library

[2]

Jean-Loup Baer and Wen-Hann Wang. 1988. On the inclusion properties for multilevel cache hierarchies. In The Conference Proceedings 15th Annual International Symposium on Computer Architecture. IEEE, 73--80.

Digital Library

[3]

Christian Bienia, Sanjeev Kumar, Jaswinder P. Singh, and Kai Li. 2008. The PARSEC benchmark suite: characterization and architectural implications. In Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques. ACM, New York, NY, USA, 72--81.

Digital Library

[4]

Joseph Bonneau and Ilya Mironov. 2006. Cache-collision timing attacks against AES, In Proceedings of the 8th International Conference on Cryptographic Hardware and Embedded Systems. Cryptographic Hardware and Embedded Systems, 201--215.

Digital Library

[5]

Jie Chen and Guru Venkataramani. 2014. CC-Hunter: uncovering covert timing channels on shared processor hardware. In Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society, Washington, DC, USA, 216--228.

Digital Library

[6]

Marco Chiappetta, Erkay Savas, and Cemal Yilmaz. 2016. Real time detection of cache-based side-channel attacks using hardware performance counters. Appl. Soft Comput. 49, C (Dec. 2016), 1162--1174.

Digital Library

[7]

Katherine E. Fletcher, W. Evan Speight, and John K. Bennett. 1995. Techniques for reducing the impact of inclusion in shared network cache multiprocessors. Rice ELEC TR (1995).

[8]

Michael M. Godfrey. 2013. On the prevention of cache-based side-channel attacks in a cloud environment. Master's thesis. Queen's University.

[9]

Daniel M. Gordon. 1998. A survey of fast exponentiation methods. Journal of Algorithms 27, 1 (April 1998), 129--146.

Digital Library

[10]

Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. 2016. Prefetch side-channel attacks: bypassing SMAP and kernel ASLR. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 368--379.

Digital Library

[11]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+Flush: a fast and stealthy cache attack. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer-Verlag New York, Inc., New York, NY, USA, 279--299.

Digital Library

[12]

Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache template attacks: automating attacks on inclusive last-level caches. In Proceedings of the 24th USENIX Conference on Security Symposium. USENIX Association, Berkeley, CA, USA, 897--912. http://portal.acm.org/citation.cfm?id=2831200

Digital Library

[13]

Roberto Guanciale, Hamed Nemati, Christoph Baumann, and Mads Dam. 2016. Cache storage channels: alias-driven attacks and verified countermeasures. In IEEE Symposium on Security and Privacy. IEEE, 38--55.

[14]

John L. Henning. 2006. SPEC CPU2006 benchmark descriptions. SIGARCH Comput. Archit. News 34, 4 (Sept. 2006), 1--17.

Digital Library

[15]

Taylor Hornby. 2016. Side-channel attacks on everyday applications: distinguishing inputs with FLUSH+RELOAD. https://www.blackhat.com/docs/us-16/materials/us-16-Hornby-Side-Channel-Attacks-On-Everyday-Applications-wp.pdf. (2016). Accessed on 22 April 2017.

[16]

Wei-Ming Hu. 1992. Reducing Timing Channels with Fuzzy Time. Journal of Computer Security 1, 3--4 (May 1992), 233--254.

Digital Library

[17]

Ralf Hund, Carsten Willems, and Thorsten Holz. 2013. Practical timing side channel attacks against kernel Space ASLR. In IEEE Symposium on Security and Privacy. IEEE, 191--205.

Digital Library

[18]

Intel. 2017. Intel 64 and IA-32 Architectures Software Developer's Manual. https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf. (2017). Accessed on 22 April 2017.

[19]

Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: a shared cache attack that works across cores and defies VM sandboxing -- and its application to AES. In IEEE Symposium on Security and Privacy. IEEE, 591--604.

Digital Library

[20]

Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cross processor cache attacks. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. ACM, New York, NY, USA, 353--364.

Digital Library

[21]

Ameer Jaleel. 2010. Memory characterization of workloads using instrumentation-driven simulation. http://www.jaleels.org/ajaleel/workload/SPECanalysis.pdf. (2010). Accessed on 22 April 2017.

[22]

Aamer Jaleel, Eric Borch, Malini Bhandaru, Simon C. Steely, and Joel Emer. 2010. Achieving non-inclusive cache performance with inclusive caches: temporal locality aware (TLA) cache management policies. In 43rd Annual IEEE/ACM International Symposium on Microarchitecture. IEEE, 151--162.

Digital Library

[23]

Aamer Jaleel, William Hasenplaugh, Moinuddin Qureshi, Julien Sebot, Simon Steely, and Joel Emer. 2008. Adaptive insertion policies for managing shared caches. In Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques. ACM, New York, NY, USA, 208--219.

Digital Library

[24]

Taesoo Kim, Marcus Peinado, and Gloria M. Ruiz. 2012. STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In Proceedings of the 21st USENIX Conference on Security Symposium. USENIX Association, Berkeley, CA, USA, 11. http://portal.acm.org/citation.cfm?id=2362804

Digital Library

[25]

Jingfei Kong, Onur Aciiçmez, Jean-Pierre Seifert, and Huiyang Zhou. 2009. Hardware-software integrated approaches to defend against software cache-based side channel attacks. In IEEE 15th International Symposium on High Performance Computer Architecture. IEEE, 393--404.

[26]

Daniel Lenoski, James Laudon, Kourosh Gharachorloo, Anoop Gupta, and John Hennessy. 1990. The Directory-based Cache Coherence Protocol for the DASH Multiprocessor. In Proceedings of the 17th Annual International Symposium on Computer Architecture. ACM, New York, NY, USA, 148--159.

Digital Library

[27]

Vladimir I Levenshtein. 1966. Binary Codes Capable of Correcting Deletions, Insertions and Reversals. Soviet Physics Doklady 10 (Feb. 1966), 707.

[28]

Moritz Lipp, Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. ARMageddon: last-level cache attacks on mobile devices. In 25th USENIX Security Symposium, Vol. abs/1511.04897. USENIX Association.

[29]

Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B. Lee. 2016. CATalyst: defeating last-level cache side channel attacks in cloud computing. In IEEE International Symposium on High Performance Computer Architecture. IEEE, 406--418.

[30]

Fangfei Liu and Ruby B. Lee. 2014. Random fill cache architecture. In Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society, Washington, DC, USA, 203--215.

Digital Library

[31]

Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society, Washington, DC, USA, 605--622.

Digital Library

[32]

Wanli Liu and D. Yeung. 2009. Using aggressor thread information to improve shared cache management for CMPs. In 18th International Conference on Parallel Architectures and Compilation Techniques. IEEE, 372--383.

Digital Library

[33]

Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2007. Power analysis attacks: revealing the secrets of smart cards. Springer-Verlag New York, Inc., Secaucus, NJ, USA.

Digital Library

[34]

Robert Martin, John Demme, and Simha Sethumadhavan. 2012. TimeWarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In Proceedings of the 39th Annual International Symposium on Computer Architecture. IEEE Computer Society, Washington, DC, USA, 118--129.

Digital Library

[35]

Michael Neve and Jean P. Seifert. 2007. Advances on access-driven cache attacks on AES. In Proceedings of the 13th International Conference on Selected Areas in Cryptography. Springer-Verlag, Berlin, Heidelberg, 147--162.

Digital Library

[36]

Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, and Angelos D. Keromytis. 2015. The spy in the sandbox: practical cache attacks in JavaScript and their implications. In Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 1406--1418.

Digital Library

[37]

DagArne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: the case of AES. In Topics in Cryptology, David Pointcheval (Ed.). Lecture Notes in Computer Science, Vol. 3860. Springer Berlin Heidelberg, Berlin, Heidelberg, Chapter 1, 1--20.

Digital Library

[38]

Avadh Patel, Furat Afram, Shunfei Chen, and Kanad Ghose. 2011. MARSS: a full system simulator for multicore x86 CPUs. In Proceedings of the 48th Design Automation Conference. ACM, New York, NY, USA, 1050--1055.

Digital Library

[39]

Mathias Payer. 2016. HexPADS: a platform to detect "stealth" attacks. In Proceedings of the 8th International Symposium on Engineering Secure Software and Systems. Springer-Verlag New York, Inc., New York, NY, USA, 138--154.

Digital Library

[40]

Colin Percival. 2005. Cache missing for fun and profit. http://www.daemonology.net/papers/cachemissing.pdf. (Oct. 2005). Accessed on 22-April-2017.

[41]

Moinuddin K. Qureshi and Yale N. Patt. 2006. Utility-based cache partitioning: a low-overhead, high-performance, runtime mechanism to partition shared caches. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society, Washington, DC, USA, 423--432.

Digital Library

[42]

Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM, New York, NY, USA, 199--212.

Digital Library

[43]

Daniel Sanchez and Christos Kozyrakis. 2011. Vantage: scalable and efficient fine-grain cache partitioning. In Proceedings of the 38th annual international symposium on Computer architecture, Vol. 39. ACM, New York, NY, USA, 57--68.

Digital Library

[44]

Jicheng Shi, Xiang Song, Haibo Chen, and Binyu Zang. 2011. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops. IEEE Computer Society, Washington, DC, USA, 194--199.

Digital Library

[45]

Ronak Singhal. 2008. Inside Intel core microarchitecture (Nehalem). In 2008 IEEE Hot Chips Symposium (HCS). IEEE, 1--25.

[46]

Yao Wang, Andrew Ferraiuolo, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh. 2016. SecDCP: secure dynamic cache partitioning for efficient timing channel protection. In Proceedings of the 53rd Annual Design Automation Conference. ACM, New York, NY, USA.

Digital Library

[47]

Zhenghong Wang and Ruby B. Lee. 2007. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th Annual International Symposium on Computer Architecture. ACM, New York, NY, USA, 494--505.

Digital Library

[48]

Yuejian Xie and Gabriel H. Loh. 2009. PIPP: promotion/insertion pseudo-partitioning of multi-core shared caches. In Proceedings of the 36th Annual International Symposium on Computer Architecture, Vol. 37. ACM, New York, NY, USA, 174--183.

Digital Library

[49]

Mengjia Yan, Yasser Shalabi, and Josep Torrellas. 2016. ReplayConfusion: detecting cache-based covert channel attacks using record and replay. In 49th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE, 1--14.

[50]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In Proceedings of the 23rd USENIX Conference on Security Symposium. USENIX Association, Berkeley, CA, USA, 719--732. http://portal.acm.org/citation.cfm?id=2671271

Digital Library

[51]

Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2014. Cross-tenant side-channel attacks in PaaS clouds. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 990--1003.

Digital Library

[52]

Ziqiao Zhou, Michael K. Reiter, and Yinqian Zhang. 2016. A software approach to defeating side channels in last-Level caches. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, NY, USA, 871--882.

Digital Library

Cited By

Li MBu KMiao CRen K(2024)TreasureCache: Hiding Cache Evictions Against Side-Channel AttacksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3354991(1-15)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3354991
Li LHuang JFeng LWang Z(2024) Prefender: A Pref etching Def en der Against Cache Side Channel Attacks as a Preten der IEEE Transactions on Computers10.1109/TC.2024.337789173:6(1457-1471)Online publication date: Jun-2024
https://doi.org/10.1109/TC.2024.3377891
Song WXue ZHan JLi ZLiu P(2024)Randomizing Set-Associative Caches Against Conflict-Based Cache Side-Channel AttacksIEEE Transactions on Computers10.1109/TC.2024.334965973:4(1019-1033)Online publication date: Apr-2024
https://doi.org/10.1109/TC.2024.3349659
Show More Cited By

Index Terms

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Atacks
1. Computer systems organization
  1. Architectures
    1. Parallel architectures
      1. Multicore architectures
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Atacks
ISCA'17

In cache-based side channel attacks, a spy that shares a cache with a victim probes cache locations to extract information on the victim's access patterns. For example, in evict+reload, the spy repeatedly evicts and then reloads a probe address, ...
New cache designs for thwarting software cache-based side channel attacks
ISCA '07: Proceedings of the 34th annual international symposium on Computer architecture

Software cache-based side channel attacks are a serious new class of threats for computers. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose ...
Counter-Based Cache Replacement and Bypassing Algorithms

Recent studies have shown that in highly associative caches, the performance gap between the Least Recently Used (LRU) and the theoretical optimal replacement algorithms is large, motivating the design of alternative replacement algorithms to improve ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISCA '17: Proceedings of the 44th Annual International Symposium on Computer Architecture

June 2017

736 pages

ISBN:9781450348928

DOI:10.1145/3079856

ACM SIGARCH Computer Architecture News Volume 45, Issue 2
ISCA'17
May 2017
715 pages
ISSN:0163-5964
DOI:10.1145/3140659
Editor:
Babak Falsafi
Interim
Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

IEEE: IEEE Computer Society Technical Committee on Design Automation
SIGARCH: ACM Special Interest Group on Computer Architecture

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

National Science Foundation

Conference

ISCA '17

Sponsor:

IEEE
SIGARCH

ISCA '17: The 44th Annual International Symposium on Computer Architecture

June 24 - 28, 2017

ON, Toronto, Canada

Acceptance Rates

ISCA '17 Paper Acceptance Rate 54 of 322 submissions, 17%;

Overall Acceptance Rate 543 of 3,203 submissions, 17%

Upcoming Conference

ISCA '25

Sponsor:
sigarch

The 52nd Annual International Symposium on Computer Architecture

June 21 - 25, 2025

Tokyo , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

87
Total Citations
View Citations
1,743
Total Downloads

Downloads (Last 12 months)245
Downloads (Last 6 weeks)25

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li MBu KMiao CRen K(2024)TreasureCache: Hiding Cache Evictions Against Side-Channel AttacksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3354991(1-15)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3354991
Li LHuang JFeng LWang Z(2024) Prefender: A Pref etching Def en der Against Cache Side Channel Attacks as a Preten der IEEE Transactions on Computers10.1109/TC.2024.337789173:6(1457-1471)Online publication date: Jun-2024
https://doi.org/10.1109/TC.2024.3377891
Song WXue ZHan JLi ZLiu P(2024)Randomizing Set-Associative Caches Against Conflict-Based Cache Side-Channel AttacksIEEE Transactions on Computers10.1109/TC.2024.334965973:4(1019-1033)Online publication date: Apr-2024
https://doi.org/10.1109/TC.2024.3349659
Naveenkumar R. Sivamangai NBruntha PGovindaraj VElngar A(2023)Attacks by Hardware Trojans on Neural NetworksNeuromorphic Computing Systems for Industry 4.010.4018/978-1-6684-6596-7.ch010(261-288)Online publication date: 16-Jun-2023
https://doi.org/10.4018/978-1-6684-6596-7.ch010
Crocetti LNannipieri PDi Matteo SSaponara S(2023)Design Methodology and Metrics for Robust and Highly Qualified Security Modules in Trusted EnvironmentsElectronics10.3390/electronics1223484312:23(4843)Online publication date: 30-Nov-2023
https://doi.org/10.3390/electronics12234843
Chacon GWilliams CKnechtel JSinanoglu OGratz PSoteriou V(2023)Coherence Attacks and Countermeasures in Interposer-based Chiplet SystemsACM Transactions on Architecture and Code Optimization10.1145/363346121:2(1-25)Online publication date: 20-Nov-2023
https://dl.acm.org/doi/10.1145/3633461
Xue ZHan JSong W(2023)CTPP: A Fast and Stealth Algorithm for Searching Eviction Sets on Intel ProcessorsProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607202(151-163)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607202
Fiolhais LSousa L(2023)Transient-Execution Attacks: A Computer Architect PerspectiveACM Computing Surveys10.1145/360361956:3(1-38)Online publication date: 6-Oct-2023
https://dl.acm.org/doi/10.1145/3603619
Yuan FWang KYing JHou RZhao LLi PZhu YJi ZMeng D(2023)Architecting the Autocuckoo Filter to Defend Against Cross-Core Cache AttacksIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2022.319332542:4(1280-1294)Online publication date: Apr-2023
https://doi.org/10.1109/TCAD.2022.3193325
Zhu JLi MZhang XBu KZhang MSong T(2023)Hitchhiker: Accelerating ORAM With Dynamic SchedulingIEEE Transactions on Computers10.1109/TC.2023.324827272:8(2321-2335)Online publication date: 1-Aug-2023
https://doi.org/10.1109/TC.2023.3248272
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents