skip to main content
10.1145/3404397.3404434acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicppConference Proceedingsconference-collections
research-article

First Time Miss : Low Overhead Mitigation for Shared Memory Cache Side Channels

Published: 17 August 2020 Publication History

Abstract

Cache hit or miss is an important source of information leakage in cache side channel attacks. An attacker observes a much faster cache access time if the cache line has previously been filled in by the victim, and a much slower memory access time if the victim has not accessed this cache line, thus revealing to the attacker whether the victim has accessed the cache line or not.
For machines with private caches, this leakage can be mitigated by scheduling the victim and potential attackers on different cores, or flushing the private caches after a use. However, the latter is less practical for the large last-level cache. In this work, we propose a novel yet simple mitigation approach for cross-core attacks, called FTM (first time miss) approach. In this approach, in order to hide a cache hit to a shared cache, we make it to behave like a miss when it is accessed the first time by a thread. It is simulated by buffering the cache line for a time similar to the memory access time (i.e. like a miss penalty), and then sending it to the private cache. The next access onwards, it is safe to allow cache hits on this cache line because the attacker has already accessed it once, and expects it to be filled anyway. Thus, all of the cache lines appear to be accessed only by the attacker, and the access patterns of the victim can be hidden.
The hardware overhead for the FTM scheme is minimal because it only needs a small per core buffer. Simulation-based evaluation on SPEC and PARSEC benchmarks shows low performance hit (< 0.1%) because of low number of first time misses in most application programs.

References

[1]
Victor Costan, Ilia Lebedev, and Srinivas Devadas. [n.d.]. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. ([n. d.]).
[2]
Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th {USENIX} Security Symposium ({USENIX} Security 15). 897–912.
[3]
Aamer Jaleel, Kevin B Theobald, Simon C Steely Jr, and Joel Emer. 2010. High performance cache replacement using re-reference interval prediction (RRIP). ACM SIGARCH Computer Architecture News 38, 3 (2010), 60–71.
[4]
Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, and Joel Emer. 2018. DAWG: A defense against cache timing attacks in speculative execution processors. In 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 974–987.
[5]
Chang Liu, Austin Harris, Martin Maas, Michael Hicks, Mohit Tiwari, and Elaine Shi. 2015. Ghostrider: A hardware-software system for memory trace oblivious computation. ACM SIGPLAN Notices 50, 4 (2015), 87–101.
[6]
Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B Lee. 2016. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In 2016 IEEE international symposium on high performance computer architecture (HPCA). IEEE, 406–418.
[7]
Fangfei Liu, Hao Wu, Kenneth Mai, and Ruby B Lee. 2016. Newcache: Secure cache architecture thwarting cache side-channel attacks. IEEE Micro 36, 5 (2016), 8–16.
[8]
Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee. 2015. Last-level cache side-channel attacks are practical. In 2015 IEEE symposium on security and privacy. IEEE, 605–622.
[9]
Oracle. 2020 (accessed March 16, 2020). Hard Partitioning. https://docs.oracle.com/cd/E50245_01/E50249/html/vmcon-vm-pinning.html
[10]
Moinuddin K Qureshi. 2018. Ceaser: Mitigating conflict-based cache attacks via encrypted-address and remapping. In 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 775–787.
[11]
Moinuddin K Qureshi. 2019. New attacks and defense for encrypted-address cache. In Proceedings of the 46th International Symposium on Computer Architecture. 360–371.
[12]
Kartik Ramkrishnan, Antonia Zhai, Stephen McCamant, and Pen Chung Yew. 2019. New Attacks and Defenses for Randomized Caches. arxiv:1909.12302 [cs.CR]
[13]
Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing digital side-channels through obfuscated execution. In 24th {USENIX} Security Symposium ({USENIX} Security 15). 431–446.
[14]
Daniel Sanchez and Christos Kozyrakis. 2011. Vantage: scalable and efficient fine-grain cache partitioning. In Proceedings of the 38th annual international symposium on Computer architecture. 57–68.
[15]
Daniel Sanchez and Christos Kozyrakis. 2013. ZSim: Fast and accurate microarchitectural simulation of thousand-core systems. ACM SIGARCH Computer architecture news 41, 3 (2013), 475–486.
[16]
Emil Stefanov, Marten Van Dijk, Elaine Shi, Christopher Fletcher, Ling Ren, Xiangyao Yu, and Srinivas Devadas. 2013. Path ORAM: an extremely simple oblivious RAM protocol. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 299–310.
[17]
Zhenghong Wang and Ruby B Lee. 2007. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th annual international symposium on Computer architecture. 494–505.
[18]
Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. 2019. ScatterCache: thwarting cache attacks via cache set randomization. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 675–692.
[19]
Mengjia Yan, Bhargava Gopireddy, Thomas Shull, and Josep Torrellas. 2017. Secure hierarchy-aware cache replacement policy (SHARP): Defending against cache-based side channel attacks. In 2017 ACM/IEEE 44th Annual International Symposium on Computer Architecture (ISCA). IEEE, 347–360.
[20]
Yuval Yarom and Katrina Falkner. 2014. FLUSH+ RELOAD: a high resolution, low noise, L3 cache side-channel attack. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 719–732.

Cited By

View all
  • (2023)SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution AttacksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.314428720:1(827-840)Online publication date: 1-Jan-2023
  • (2023)Preventing Coherence State Side Channel Leaks Using TimeCacheIEEE Transactions on Computers10.1109/TC.2022.320992272:2(374-385)Online publication date: 1-Feb-2023
  • (2023)Guard Cache: Creating False Cache Hits and Misses To Mitigate Side-Channel Attacks2023 Silicon Valley Cybersecurity Conference (SVCC)10.1109/SVCC56964.2023.10165527(1-8)Online publication date: 17-May-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ICPP '20: Proceedings of the 49th International Conference on Parallel Processing
August 2020
844 pages
ISBN:9781450388160
DOI:10.1145/3404397
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2020

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. cache
  2. computer architecture
  3. security
  4. side channel

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICPP '20

Acceptance Rates

Overall Acceptance Rate 91 of 313 submissions, 29%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)41
  • Downloads (Last 6 weeks)1
Reflects downloads up to 25 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution AttacksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.314428720:1(827-840)Online publication date: 1-Jan-2023
  • (2023)Preventing Coherence State Side Channel Leaks Using TimeCacheIEEE Transactions on Computers10.1109/TC.2022.320992272:2(374-385)Online publication date: 1-Feb-2023
  • (2023)Guard Cache: Creating False Cache Hits and Misses To Mitigate Side-Channel Attacks2023 Silicon Valley Cybersecurity Conference (SVCC)10.1109/SVCC56964.2023.10165527(1-8)Online publication date: 17-May-2023
  • (2022)Data-Out Instruction-In (DOIN!): Leveraging Inclusive Caches to Attack Speculative Delay Schemes2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00012(49-60)Online publication date: Sep-2022
  • (2021)TimeCacheProceedings of the 48th Annual International Symposium on Computer Architecture10.1109/ISCA52012.2021.00037(375-387)Online publication date: 14-Jun-2021

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media