research-article

RIC: Relaxed Inclusion Caches for Mitigating LLC Side-Channel Attacks

Authors:

Mehmet Kayaalp,

Khaled N. Khasawneh,

Hodjat Asghari Esfeden,

Nael Abu-Ghazaleh,

Dmitry Ponomarev,

Aamer JaleelAuthors Info & Claims

DAC '17: Proceedings of the 54th Annual Design Automation Conference 2017

Article No.: 7, Pages 1 - 6

https://doi.org/10.1145/3061639.3062313

Published: 18 June 2017 Publication History

Abstract

Recently, side-channel attacks on Last Level Caches (LLCs) were demonstrated. The attacks require the ability to evict critical data from the cache hierarchy, making future accesses visible. We propose Relaxed Inclusion Caches (RIC), a low-complexity cache design protecting against LLC side channel attacks. RIC relaxes inclusion when it is not needed, preventing the attacker from replacing the victim's data from the local core caches thus protecting critical data from leakage. RIC improves performance (by about 10%) and retains snoop filtering capabilities of inclusive cache hierarchies, while requiring only minimal changes to the cache.

References

[1]

T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds," in 16th ACM Conference on Computer and Communications Security (CCS), pp. 199--212, 2009.

Digital Library

[2]

G. Irazoqui, T. Eisenbarth, and B. Sunar, "S$a: A shared cache attack that works across cores and defies vm sandboxing and its application to AES," in IEEE Symposium on Security and Privacy (SP), 2015.

Digital Library

[3]

F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee, "Last-level cache side-channel attacks are practical," in IEEE Symposium on Security and Privacy (SP), San Jose, CA, US, 2015.

Digital Library

[4]

D. Evtyushkin, D. Ponomarev, and N. Abu-Ghazaleh, "Jump over ASLR: Attacking branch predictors to bypass ASLR," in 49th International Symposium on Micrarchitecture (MICRO), 2016.

[5]

T. Kim, M. Peinado, and G. Mainar-Ruiz, "Stealthmem: System-level protection against cache-based side channel attacks in the cloud," in USENIX Security Symposium, Aug. 2012.

Digital Library

[6]

Z. Wang and R. Lee, "A novel cache architecture with enhanced performance and security," in Proc. International Symposium on Microarchitecture (MICRO), Dec. 2008.

Digital Library

[7]

F. Liu and R. Lee, "Random fill cache architecture," in International Symposium on Microarchitecture, Cambridge, UK, 2014.

Digital Library

[8]

D. Gullasch, E. Bangerter, and S. Krenn, "Cache games -- bringing access-based cache attacks on aes to practice," in Security and Privacy (SP), 2011 IEEE Symposium on, pp. 490--505, 2011.

Digital Library

[9]

M. Kayaalp, N. Abu-Ghazaleh, D. Ponomarev, and A. Jaleel, "A high-resolution side-channel attack on last-level cache," in Proc. of the ACM Design Automation Conference (DAC), 2016.

Digital Library

[10]

F. Liu, Q. Ge, Y. Yarom, F. Mckeen, C. Rozas, G. Heiser, and R. Lee, "Catalyst: Defeating last-level cache side channel attacks in cloud computing," in Proc. 22nd IEEE Symposium on High Performance Computer Architecture (HPCA), 2016.

[11]

L. Domnitser, A. Jaleel, J. Loew, N. Abu-Ghazaleh, and D. Ponomarev, "Non-monopolizable caches: Low-complexity mitigation of cache side-channel attacks," in ACM Transactions on Architecture and Code Optimization, Special Issue on High Performance and Embedded Architectures and Compilers, Jan. 2012.

Digital Library

[12]

Z. Wang and R. Lee, "New cache designs for thwarting software cache-based side channel attacks," in Proc. International Symposium on Computer Architecture (ISCA), June 2007.

Digital Library

[13]

P. H. et al., "Haswell: The fourth-generation intel core processor," in IEEE Micro Magazine, Apr. 2014.

[14]

D. Bouvier, B. Cohen, W. Fry, S. Godey, and M. Mantor, "Kabini: An amd accelerated processing unit system on a chip," in IEEE Micro Magazine, Apr. 2014.

[15]

T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," in Advances in cryptology, pp. 10--18, Springer, 1984.

Digital Library

[16]

B. A. Cuesta, A. Ros, M. E. Gómez, A. Robles, and J. F. Duato, "Increasing the effectiveness of directory caches by deactivating coherence for private memory blocks," in International Symposium on Computer Architecture, pp. 93--104, 2011.

Digital Library

[17]

"M-sim version 3.0, code and documentation," 2005. Available at: http://www.cs.binghamton.edu/~msim.

[18]

A. Jaleel, E. Borch, M. Bhandaru, S. Steely, and J. Emer, "Achieving non-inclusive cache performance with inclusive caches - temporal locality aware (TLA) cache management policies," in Proc. International Symposium on Microarchitecture (MICRO), 2010.

Digital Library

[19]

P. Shivakumar and N. P. Jouppi, "Cacti 3.0: An integrated cache timing, power, and area model," tech. rep., Technical Report 2001/2, Compaq Computer Corporation, 2001.

[20]

R. Martin, J. Demme, and S. Sethumadhavan, "Timewarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks," in International Symposium on Computer Architecture (ISCA), June 2012.

Digital Library

[21]

M. Alisafaee, "Spatiotemporal coherence tracking," in Proceedings of the 2012 45th International Symposium on Microarchitecture (MICRO), MICRO-45, pp. 341--350, 2012.

Digital Library

[22]

L. Zhao, R. Iyer, S. Makineni, D. Newell, and L. Cheng, "Ncid: A non-inclusive cache, inclusive directory architecture for flexible and efficient cache hierarchies," in Proc. ACM International Conference on Computing Frontiers, May 2010.

Digital Library

[23]

D.Page, "Partitioned cache architecture as a side-channel defense mechanism," in Crypt. ePrint Arch., 2005.

[24]

J. Kong, O. Aclicmez, J. Seifert, and H. Zhou, "Hardware-software integrated approaches to defend against software cache-based side channel attacks," in Int. Symp. on High Performance Comp. Architecture (HPCA), February 2009.

[25]

Z. Zhou, M. K. Reiter, and Y. Zhang, "A software approach to defeating side channels in last-level caches," in Proc. ACM CCS, 2016.

Digital Library

Cited By

Wang MJia SZheng FMa YLin JMeng LMa Z(2024)TF-Timer: Mitigating Cache Side-Channel Attacks in Cloud through a Targeted Fuzzy Timer2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10571330(1-6)Online publication date: 21-Apr-2024
https://doi.org/10.1109/WCNC57260.2024.10571330
Qiu PGao QLiu CWang DLyu YLi XWang CQu G(2023)PMU-Spill: A New Side Channel for Transient Execution AttacksIEEE Transactions on Circuits and Systems I: Regular Papers10.1109/TCSI.2023.329891370:12(5048-5059)Online publication date: Dec-2023
https://doi.org/10.1109/TCSI.2023.3298913
Yuan FWang KYing JHou RZhao LLi PZhu YJi ZMeng D(2023)Architecting the Autocuckoo Filter to Defend Against Cross-Core Cache AttacksIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2022.319332542:4(1280-1294)Online publication date: Apr-2023
https://doi.org/10.1109/TCAD.2022.3193325
Show More Cited By

RIC: Relaxed Inclusion Caches for Mitigating LLC Side-Channel Attacks
1. Hardware
  1. Integrated circuits
    1. Semiconductor memory

Recommendations

TLB Improvements for Chip Multiprocessors: Inter-Core Cooperative Prefetchers and Shared Last-Level TLBs

Translation Lookaside Buffers (TLBs) are critical to overall system performance. Much past research has addressed uniprocessor TLBs, lowering access times and miss rates. However, as Chip MultiProcessors (CMPs) become ubiquitous, TLB design and ...
SELECTIVE VICTIM CACHING: A METHOD TO IMPROVE THE PERFORMANCE OF DIRECT-MAPPED CACHES
High performance cache replacement using re-reference interval prediction (RRIP)
ISCA '10

Practical cache replacement policies attempt to emulate optimal replacement by predicting the re-reference interval of a cache block. The commonly used LRU replacement policy always predicts a near-immediate re-reference interval on cache hits and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '17: Proceedings of the 54th Annual Design Automation Conference 2017

June 2017

533 pages

ISBN:9781450349277

DOI:10.1145/3061639

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

EDAC: Electronic Design Automation Consortium
SIGDA: ACM Special Interest Group on Design Automation
IEEE-CEDA

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

DAC '17

Sponsor:

EDAC
SIGDA

DAC '17: The 54th Annual Design Automation Conference 2017

June 18 - 22, 2017

TX, Austin, USA

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

44
Total Citations
View Citations
257
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wang MJia SZheng FMa YLin JMeng LMa Z(2024)TF-Timer: Mitigating Cache Side-Channel Attacks in Cloud through a Targeted Fuzzy Timer2024 IEEE Wireless Communications and Networking Conference (WCNC)10.1109/WCNC57260.2024.10571330(1-6)Online publication date: 21-Apr-2024
https://doi.org/10.1109/WCNC57260.2024.10571330
Qiu PGao QLiu CWang DLyu YLi XWang CQu G(2023)PMU-Spill: A New Side Channel for Transient Execution AttacksIEEE Transactions on Circuits and Systems I: Regular Papers10.1109/TCSI.2023.329891370:12(5048-5059)Online publication date: Dec-2023
https://doi.org/10.1109/TCSI.2023.3298913
Yuan FWang KYing JHou RZhao LLi PZhu YJi ZMeng D(2023)Architecting the Autocuckoo Filter to Defend Against Cross-Core Cache AttacksIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2022.319332542:4(1280-1294)Online publication date: Apr-2023
https://doi.org/10.1109/TCAD.2022.3193325
Holtryd NManivannan MStenström P(2023)SCALE: Secure and Scalable Cache Partitioning2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55118.2023.10133713(68-79)Online publication date: 1-May-2023
https://doi.org/10.1109/HOST55118.2023.10133713
Holtryd NManivannan MStenström P(2023)SoK: Analysis of Root Causes and Defense Strategies for Attacks on Microarchitectural Optimizations2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00044(631-650)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00044
Wu MMcCamant SYew PZhai A(2022)PREDATOR: A Cache Side-Channel Attack Detector Based on Precise Event Monitoring2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00010(25-36)Online publication date: Sep-2022
https://doi.org/10.1109/SEED55351.2022.00010
Gupta VGanesan VPanda B(2021)Seclusive Cache Hierarchy for Mitigating Cross-Core Cache and Coherence Directory Attacks2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE51398.2021.9474168(637-640)Online publication date: 1-Feb-2021
https://doi.org/10.23919/DATE51398.2021.9474168
Yuan FWang KHou RLi XLi PZhao LYing JAwad AMeng D(2021)PiPoMonitor: Mitigating Cross-core Cache Attacks Using the Auto-Cuckoo Filter2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE51398.2021.9473988(1697-1702)Online publication date: 1-Feb-2021
https://doi.org/10.23919/DATE51398.2021.9473988
Xiong WKatzenbeisser SSzefer J(2021)Leaking Information Through Cache LRU States in Commercial Processors and Secure CachesIEEE Transactions on Computers10.1109/TC.2021.305953170:4(511-523)Online publication date: 1-Apr-2021
https://doi.org/10.1109/TC.2021.3059531
Islam MOmidi BKhasawneh K(2021)Monotonic-HMDs: Exploiting Monotonic Features to Defend Against Evasive Malware2021 22nd International Symposium on Quality Electronic Design (ISQED)10.1109/ISQED51717.2021.9424310(97-102)Online publication date: 7-Apr-2021
https://doi.org/10.1109/ISQED51717.2021.9424310
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten