skip to main content
10.1145/3634737.3645011acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

Non-Fusion Based Coherent Cache Randomization Using Cross-Domain Accesses

Published: 01 July 2024 Publication History

Abstract

Randomization has proven to be a effective defense against conflict-based side-channel attacks in a shared cache. It improves security by assigning a unique randomization scheme to each security domain, e.g., though a different hashing function. However, if two domains have shared data, the domains must be fused in order to guarantee correctness (i.e., data coherence). Such domain fusion significantly reduces the effectiveness of randomization and weakens its security protection.
We propose randomization with sharing (RAWS), which enables secure cross-domain accesses while enforcing cache coherence (and thus data coherence). Based on RAWS, we design a non-fusion based inter-domain coherence protocol (NF-IDCP). NF-IDCP enables cache coherence by looking up and flushing multiple cache lines associated with shared-writable data during their cross-domain accesses. Furthermore, NF-IDCP uses constant-delay banking to securely reduce the latency of the cache line flushes. We also use a secure tag-based filter (STF) to reduce flush costs, for example, by explicitly storing the exact cache locations to be flushed.
The security evaluation shows that conflict attacks on the optimized NF-IDCP structures cannot leak conflict observations at a meaningful rate. Attack simulations using CacheFX demonstrate that domain fusion significantly retards the protection provided by randomization schemes. Performance overhead of SPECrate 2017 and PARSEC 3.0 benchmarks is evaluated on ZSim, a microarchitectural simulator. To study the performance impact on realistic workloads, such as Firefox, Chromium and X Server, we use a cache simulator built on top of PANDA, a full-system emulator. Across all configurations, the average performance overhead is less than 5%, and the hardware overhead is less than 3% compared to a domain-fused randomization.

Supplementary Material

PDF File (p186-supp.pdf)
Supplemental material.

References

[1]
[n. d.]. codebase. https://www.chromium.org/developers/design-documents/gpu-command-buffer. Accessed: 2023-07-15.
[2]
[n. d.]. commandbuffer. https://www.chromium.org/developers/design-documents/gpu-command-buffer. Accessed: 2023-07-15.
[3]
[n. d.]. cve-2023-25000. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25000. Accessed: 2023-12-12.
[4]
[n. d.]. cve-2023-25332. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25332. Accessed: 2023-12-12.
[5]
[n. d.]. cve-2023-26556. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26556. Accessed: 2023-12-12.
[6]
[n. d.]. cve-2023-26557. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26557. Accessed: 2023-12-12.
[7]
[n. d.]. cve-2023-32691. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32691. Accessed: 2023-12-12.
[8]
[n. d.]. firefoxSharing. https://blog.mozilla.org/attack-and-defense/2021/01/27/effectively-fuzzing-the-ipc-layer-in-firefox/. Accessed: 2023-07-15.
[9]
[n. d.]. intelsidechannel. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/securing-workloads-against-side-channel-methods.html. Accessed: 2023-07-15.
[10]
[n. d.]. ipc-sniffer. https://github.com/tomer8007/chromium-ipc-sniffer. Accessed: 2023-07-10.
[11]
[n. d.]. IPDL. https://firefox-source-docs.mozilla.org/ipc/ipdl.html. Accessed: 2023-07-10.
[12]
[n. d.]. memfdSharing. https://man7.org/linux/man-pages/man2/memfd_create.2.html. Accessed: 2023-07-15.
[13]
[n. d.]. mit-shm. https://en.wikipedia.org/wiki/MIT-SHM. Accessed: 2023-07-10.
[14]
[n. d.]. mojo-ipc. https://chromium.googlesource.com/chromium/src/+/refs/tags/72.0.3586.1/ipc/. Accessed: 2023-07-10.
[15]
[n. d.]. onlineAppendix. https://github.com/kartikram3/RAWS-Supplementary. Accessed: 2023-12-12.
[16]
[n. d.]. pulseaudio. https://man.archlinux.org/man/pulseaudio.1.en. Accessed: 2023-07-15.
[17]
[n. d.]. qubes. https://www.qubes-os.org/. Accessed: 2023-07-15.
[18]
[n. d.]. sidechannel1. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/security-best-practices-side-channel-resistance.html. Accessed: 2023-07-15.
[19]
[n. d.]. xserver. https://en.wikipedia.org/wiki/X.Org_Server. Accessed: 2023-07-15.
[20]
Rajeev Balasubramonian, Andrew B Kahng, Naveen Muralimanohar, Ali Shafiee, and Vaishnav Srinivas. 2017. CACTI 7: New tools for interconnect exploration in innovative off-chip memories. ACM Transactions on Architecture and Code Optimization (TACO) 14, 2 (2017), 1--25.
[21]
Nathan Beckmann and Daniel Sanchez. 2013. Jigsaw: Scalable software-defined caches. In Proceedings of the 22nd international conference on Parallel architectures and compilation techniques. IEEE, 213--224.
[22]
Joseph Bonneau and Ilya Mironov. 2006. Cache-collision timing attacks against AES. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 201--215.
[23]
Samira Briongos, Pedro Malagón, José M Moya, and Thomas Eisenbarth. 2020. RELOAD+ REFRESH: Abusing cache replacement policies to perform stealthy cache attacks. In 29th {USENIX} Security Symposium ({USENIX} Security 20). 1967--1984.
[24]
James Bucek, Klaus-Dieter Lange, and Jóakim v. Kistowski. 2018. SPEC CPU2017: Next-generation compute benchmark. In Companion of the 2018 ACM/SPEC International Conference on Performance Engineering. 41--42.
[25]
Yun Chen, Lingfeng Pei, and Trevor E Carlson. 2021. Leaking Control Flow Information via the Hardware Prefetcher. arXiv preprint arXiv:2109.00474 (2021).
[26]
Ghada Dessouky, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2020. HybCache: Hybrid side-channel-resilient caches for trusted execution environments. In 29th {USENIX} Security Symposium ({USENIX} Security 20). 451--468.
[27]
David L Dill. 1996. The Mur ϕ verification system. In Computer Aided Verification: 8th International Conference, CAV'96 New Brunswick, NJ, USA, July 31-August 3, 1996 Proceedings 8. Springer, 390--393.
[28]
Brendan Dolan-Gavitt, Josh Hodosh, Patrick Hulin, Tim Leek, and Ryan Whelan. 2015. Repeatable reverse engineering with PANDA. In Proceedings of the 5th Program Protection and Reverse Engineering Workshop. 1--11.
[29]
Nosayba El-Sayed, Anurag Mukkara, Po-An Tsai, Harshad Kasture, Xiaosong Ma, and Daniel Sanchez. 2018. KPart: A hybrid cache partitioning-sharing technique for commodity multicores. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA). IEEE, 104--117.
[30]
Daniel Genkin, William Kosasih, Fangfei Liu, Anna Trikalinou, Thomas Unterluggauer, and Yuval Yarom. 2023. Cachefx: A framework for evaluating cache security. In Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security. 163--176.
[31]
Lukas Giner, Stefan Steinegger, Antoon Purnal, Maria Eichlseder, Thomas Unterluggauer, Stefan Mangard, and Daniel Gruss. 2022. Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 1101--1115.
[32]
Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+ Flush: a fast and stealthy cache attack. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 279--299.
[33]
Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th {USENIX} Security Symposium ({USENIX} Security 15). 897--912.
[34]
Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cross processor cache attacks. In Proceedings of the 11th ACM on Asia conference on computer and communications security. 353--364.
[35]
Sowoong Kim, Myeonggyun Han, and Woongki Baek. 2022. DPrime+ DAbort: A High-Precision and Timer-Free Directory-Based Side-Channel Attack in Non-Inclusive Cache Hierarchies using Intel TSX. IEEE.
[36]
Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, and Joel Emer. 2018. DAWG: A defense against cache timing attacks in speculative execution processors. In 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 974--987.
[37]
Fangfei Liu, Hao Wu, Kenneth Mai, and Ruby B Lee. 2016. Newcache: Secure cache architecture thwarting cache side-channel attacks. IEEE Micro 36, 5 (2016), 8--16.
[38]
Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee. 2015. Last-level cache side-channel attacks are practical. In 2015 IEEE symposium on security and privacy. IEEE, 605--622.
[39]
Miles Arthur Munson and Jesse S Cross. 2011. Deep PDF parsing to extract features for detecting embedded malware. Technical Report. Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA ....
[40]
Divya Ojha and Sandhya Dwarkadas. 2021. TimeCache: Using Time to Eliminate Cache Side Channels when Sharing Software. In 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA). IEEE, 375--387.
[41]
Hamza Omar, Brandon D'Agostino, and Omer Khan. 2020. OPTIMUS: A security-centric dynamic hardware partitioning scheme for processors that prevent microarchitecture state attacks. IEEE Trans. Comput. 69, 11 (2020), 1558--1570.
[42]
Hamza Omar and Omer Khan. 2020. IRONHIDE: A secure multicore that efficiently mitigates microarchitecture state attacks for interactive applications. In 2020 IEEE International Symposium on High Performance Computer Architecture (HPCA). IEEE, 111--122.
[43]
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. {DRAMA}: Exploiting {DRAM} addressing for cross-cpu attacks. In 25th {USENIX} security symposium ({USENIX} security 16). 565--581.
[44]
Antoon Purnal, Lukas Giner, Daniel Gruss, and Ingrid Verbauwhede. 2021. Systematic analysis of randomization-based protected cache architectures. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 987--1002.
[45]
Antoon Purnal, Furkan Turan, and Ingrid Verbauwhede. [n. d.]. Prime+ Scope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks. ([n. d.]).
[46]
Moinuddin K Qureshi. 2018. CEASER: Mitigating conflict-based cache attacks via encrypted-address and remapping. In 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 775--787.
[47]
Moinuddin K Qureshi. 2019. New attacks and defense for encrypted-address cache. In 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA). IEEE, 360--371.
[48]
Moinuddin K Qureshi and Yale N Patt. 2006. Utility-based cache partitioning: A low-overhead, high-performance, runtime mechanism to partition shared caches. In 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06). IEEE, 423--432.
[49]
Kartik Ramkrishnan, Stephen McCamant, Pen Chung Yew, and Antonia Zhai. 2020. First Time Miss: Low Overhead Mitigation for Shared Memory Cache Side Channels. In 49th International Conference on Parallel Processing-ICPP. 1--11.
[50]
Kartik Ramkrishnan, Antonia Zhai, Stephen McCamant, and Pen Chung Yew. 2019. New attacks and defenses for randomized caches. arXiv preprint arXiv:1909.12302 (2019).
[51]
Jude A Rivers, Gary S Tyson, Edward S Davidson, and Todd M Austin. 1997. On high-bandwidth data cache design for multi-issue processors. In Proceedings of 30th Annual International Symposium on Microarchitecture. IEEE, 46--56.
[52]
Gururaj Saileshwar, Christopher W Fletcher, and Moinuddin Qureshi. 2021. Streamline: a fast, flushless cache covert-channel attack by enabling asynchronous collusion. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. 1077--1090.
[53]
Gururaj Saileshwar and Moinuddin Qureshi. 2021. {MIRAGE}: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design. In 30th {USENIX} Security Symposium ({USENIX} Security 21).
[54]
Daniel Sanchez and Christos Kozyrakis. 2011. Vantage: Scalable and efficient fine-grain cache partitioning. In Proceedings of the 38th annual international symposium on Computer architecture. 57--68.
[55]
Daniel Sanchez and Christos Kozyrakis. 2013. ZSim: Fast and accurate microarchitectural simulation of thousand-core systems. ACM SIGARCH Computer architecture news 41, 3 (2013), 475--486.
[56]
Brian C Schwedock and Nathan Beckmann. 2020. Jumanji: The Case for Dynamic NUCA in the Datacenter. In 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 665--680.
[57]
Youngjoo Shin, Hyung Chan Kim, Dokeun Kwon, Ji Hoon Jeong, and Junbeom Hur. 2018. Unveiling hardware-based data prefetcher, a hidden source of information leakage. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 131--145.
[58]
Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, and Yuval Yarom. 2021. {Prime+ Probe} 1, {JavaScript} 0: Overcoming Browser-based {Side-Channel} Defenses. In 30th USENIX Security Symposium (USENIX Security 21). 2863--2880.
[59]
Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom. 2019. Robust website fingerprinting through the cache occupancy channel. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 639--656.
[60]
Wei Song, Boya Li, Zihan Xue, Zhenzhen Li, Wenhao Wang, and Peng Liu. 2021. Randomized last-level caches are still vulnerable to cache side-channel attacks! But we can fix it. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 955--969.
[61]
Daniel Sorin, Mark Hill, and David Wood. 2011. A primer on memory consistency and cache coherence. Morgan & Claypool Publishers.
[62]
Qinhan Tan, Zhihua Zeng, Kai Bu, and Kui Ren. 2020. PhantomCache: Obfuscating Cache Conflicts with Localized Randomization. In NDSS.
[63]
Thomas Unterluggauer, Austin Harris, Scott Constable, Fangfei Liu, and Carlos Rozas. 2022. Chameleon Cache: Approximating Fully Associative Caches with Random Replacement to Prevent Contention-Based Cache Attacks. In 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED). IEEE, 13--24.
[64]
Pepe Vila, Boris Köpf, and José F Morales. 2019. Theory and practice of finding eviction sets. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 39--54.
[65]
Junpeng Wan, Yanxiang Bi, Zhe Zhou, and Zhou Li. [n. d.]. MeshUp: Stateless Cache Side-channel Attack on CPU Mesh. ([n. d.]).
[66]
Junpeng Wan, Yanxiang Bi, Zhe Zhou, and Zhou Li. 2021. Volcano: Stateless Cache Side-channel Attack by Exploiting Mesh Interconnect. arXiv preprint arXiv:2103.04533 (2021).
[67]
Yao Wang, Andrew Ferraiuolo, Danfeng Zhang, Andrew C Myers, and G Edward Suh. 2016. SecDCP: secure dynamic cache partitioning for efficient timing channel protection. In 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC). IEEE, 1--6.
[68]
Zhenghong Wang and Ruby B Lee. 2007. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th annual international symposium on Computer architecture. 494--505.
[69]
Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. 2019. Scattercache: Thwarting cache attacks via cache set randomization. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 675--692.
[70]
Zihan Xue, Jinchi Han, and Wei Song. 2023. CTPP: A Fast and Stealth Algorithm for Searching Eviction Sets on Intel Processors. (2023).
[71]
Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher Fletcher, Roy Campbell, and Josep Torrellas. 2019. Attack directories, not caches: Side channel attacks in a non-inclusive world. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 888--904.
[72]
Mengjia Yan, Jen-Yang Wen, Christopher W Fletcher, and Josep Torrellas. 2019. Secdir: a secure directory to defeat directory side-channel attacks. In Proceedings of the 46th International Symposium on Computer Architecture. 332--345.
[73]
Fan Yao, Milos Doroslovacki, and Guru Venkataramani. 2018. Are coherence protocol states vulnerable to information leakage?. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA). IEEE, 168--179.
[74]
Yuval Yarom and Katrina Falkner. 2014. FLUSH+ RELOAD: A high resolution, low noise, L3 cache side-channel attack. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 719--732.
[75]
Yuval Yarom, Daniel Genkin, and Nadia Heninger. 2017. CacheBleed: a timing attack on OpenSSL constant-time RSA. Journal of Cryptographic Engineering 7, 2 (2017), 99--112.
[76]
Ying Ye, Richard West, Zhuoqun Cheng, and Ye Li. 2014. Coloris: a dynamic cache partitioning system using page coloring. In 2014 23rd International Conference on Parallel Architecture and Compilation Techniques (PACT). IEEE, 381--392.
[77]
Xusheng Zhan, Yungang Bao, Christian Bienia, and Kai Li. 2017. PARSEC3. 0: A multicore benchmark suite with network stacks and SPLASH-2X. ACM SIGARCH Computer Architecture News 44, 5 (2017), 1--16.
[78]
Zhaomin Zhu, Koh Johguchi, Hans Jürgen Mattausch, Tetsushi Koide, Tai Hirakawa, and Tetsuo Hironaka. 2003. A novel hierarchical multi-port cache. In ESSCIRC 2004-29th European Solid-State Circuits Conference (IEEE Cat. No. 03EX705). IEEE, 405--408.

Index Terms

  1. Non-Fusion Based Coherent Cache Randomization Using Cross-Domain Accesses

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
    July 2024
    1987 pages
    ISBN:9798400704826
    DOI:10.1145/3634737
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 01 July 2024

    Check for updates

    Author Tags

    1. cache
    2. side-channel
    3. randomization
    4. sharing
    5. coherence

    Qualifiers

    • Research-article

    Funding Sources

    • NSF

    Conference

    ASIA CCS '24
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 418 of 2,322 submissions, 18%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 104
      Total Downloads
    • Downloads (Last 12 months)104
    • Downloads (Last 6 weeks)9
    Reflects downloads up to 25 Feb 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media