research-article

FaSe: fast selective flushing to mitigate contention-based cache timing attacks

Authors:

Sri ParameswaranAuthors Info & Claims

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

Pages 541 - 546

https://doi.org/10.1145/3489517.3530491

Published: 23 August 2022 Publication History

Abstract

Caches are widely used to improve performance in modern processors. By carefully evicting cache lines and identifying cache hit/miss time, contention-based cache timing channel attacks can be orchestrated to leak information from the victim process. Existing hardware countermeasures explored cache partitioning and randomization, are either costly, not applicable for the L1 data cache, or are vulnerable to sophisticated attacks. Countermeasures using cache flush exist but are slow since all cache lines have to be evacuated during a cache flush. In this paper, we propose for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FaSe). By utilizing an ISA extension and cache modification, FaSe selectively flushes cache lines and provides a mitigation method with a similar effect to methods using naive flush. FaSe is implemented on RISC-V Rocket Chip and evaluated on Xilinx FPGA running user programs and the Linux OS. Our experiments show that FaSe reduces time overhead by 36% for user programs and 42% for the OS compared to the methods with naive flushing, with less than 1% hardware overhead. Our security test shows FaSe can mitigate target cache timing attacks.

References

[1]

Yossef Oren et al. 2015. The spy in the sandbox: practical cache attacks in javascript and their implications. In CCS '15.

[2]

Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: the case of aes. In CT-RSA'06, 1--20.

[3]

Daniel J Bernstein. 2005. Cache-timing attacks on AES. Technical report.

[4]

Qian Ge et al. 2019. Time protection: the missing os abstraction. In EuroSys '19, 1:1--1:17.

[5]

Leonid Domnitser et al. 2012. Non-monopolizable caches: low-complexity mitigation of cache side channel attacks. TACO, 8, 4, (January 2012).

[6]

Moinuddin K. Qureshi. 2018. Ceaser: mitigating conflict-based cache attacks via encrypted-address and remapping. In MICRO '18, 775--787.

[7]

Wei Song et al. 2021. Randomized last-level caches are still vulnerable to cache side-channel attacks! but we can fix it. In S&P '21, 955--969.

[8]

Yinqian Zhang and Michael K. Reiter. 2013. Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In CCS '13.

[9]

Oleksii Oleksenko et al. 2018. Varys: protecting sgx enclaves from practical side-channel attacks. In USENIX ATC '18, 227--239.

[10]

A. Agarwal, J. Hennessy, and M. Horowitz. 1989. An analytical cache model. ACM Trans. Comput. Syst., 7, 2, (May 1989).

Digital Library

[11]

Mengjia Yan et al. 2017. Secure hierarchy-aware cache replacement policy (sharp): defending against cache-based side channel atacks. In ISCA '17.

[12]

Zhenghong Wang and Ruby B. Lee. 2008. A novel cache architecture with enhanced performance and security. In MICRO '08, 83--93.

[13]

Mario Werner et al. 2019. Scattercache: thwarting cache attacks via cache set randomization. In USENIX '19. (August 2019), 675--692.

[14]

Taesoo Kim et al. 2012. STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud. In USENIX '12, 189--204.

[15]

Fangfei Liu et al. 2016. Catalyst: defeating last-level cache side channel attacks in cloud computing. In HPCA '16, 406--418.

[16]

Xiaowan Dong et al. 2018. Shielding software from privileged side-channel attacks. In USENIX '18. (August 2018), 1441--1458.

[17]

Thomas Bourgeat et al. 2019. Mi6: secure enclaves in a speculative out-of-order processor. In MICRO '19, 42--56.

[18]

Nils Wistoff et al. 2020. Prevention of microarchitectural covert channels on an open-source 64-bit RISC-V core. CoRR, abs/2005.02193.

[19]

Tuo Li et al. 2020. SIMF: single-instruction multiple-flush mechanism for processor temporal isolation. (2020). https://arxiv.org/abs/2011.10249.

[20]

Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient cache attacks on aes, and countermeasures. 23, 1.

[21]

Krste Asanovic et al. 2016. The Rocket Chip Generator. Technical report UCB/EECS-2016-17. EECS Department, University of California, Berkeley.

[22]

Larry McVoy and Carl Staelin. 1996. Lmbench: portable tools for performance analysis. In ATEC '96, 23--23.

[23]

M. R. Guthaus et al. 2001. Mibench: a free, commercially representative embedded benchmark suite. In WWC '01, 3--14.

[24]

Yuval Yarom. 2016. Mastik: a micro-architectural side-channel toolkit. (2016). https://cs.adelaide.edu.au/~yval/Mastik/Mastik.pdf.

Cited By

Anand SFriedman MGiardino MAlonso GTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Skip It: Take Control of Your Cache!Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640407(1077-1094)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640407
Sharma IOjha S(2023)Enhancing Prime+Probe Attack Detection Using AI and Machine Learning Techniques for Improved Security2023 Global Conference on Information Technologies and Communications (GCITC)10.1109/GCITC60406.2023.10426323(1-6)Online publication date: 1-Dec-2023
https://doi.org/10.1109/GCITC60406.2023.10426323

Recommendations

SELECTIVE VICTIM CACHING: A METHOD TO IMPROVE THE PERFORMANCE OF DIRECT-MAPPED CACHES
TLB Improvements for Chip Multiprocessors: Inter-Core Cooperative Prefetchers and Shared Last-Level TLBs

Translation Lookaside Buffers (TLBs) are critical to overall system performance. Much past research has addressed uniprocessor TLBs, lowering access times and miss rates. However, as Chip MultiProcessors (CMPs) become ubiquitous, TLB design and ...
High performance cache replacement using re-reference interval prediction (RRIP)
ISCA '10

Practical cache replacement policies attempt to emulate optimal replacement by predicting the re-reference interval of a cache block. The commonly used LRU replacement policy always predicts a near-immediate re-reference interval on cache hits and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

July 2022

1462 pages

ISBN:9781450391429

DOI:10.1145/3489517

General Chair:
Rob Oshana
NXP

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGDA: ACM Special Interest Group on Design Automation
IEEE CEDA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Australian Research Council

Conference

DAC '22

Sponsor:

SIGDA

DAC '22: 59th ACM/IEEE Design Automation Conference

July 10 - 14, 2022

California, San Francisco

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
179
Total Downloads

Downloads (Last 12 months)40
Downloads (Last 6 weeks)1

Reflects downloads up to 11 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Anand SFriedman MGiardino MAlonso GTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Skip It: Take Control of Your Cache!Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640407(1077-1094)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640407
Sharma IOjha S(2023)Enhancing Prime+Probe Attack Detection Using AI and Machine Learning Techniques for Improved Security2023 Global Conference on Information Technologies and Communications (GCITC)10.1109/GCITC60406.2023.10426323(1-6)Online publication date: 1-Dec-2023
https://doi.org/10.1109/GCITC60406.2023.10426323

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten