TY - GEN
T1 - Randomized last-level caches are still vulnerable to cache side-channel attacks! But we can fix it
AU - Song, Wei
AU - Li, Boya
AU - Xue, Zihan
AU - Li, Zhenzhen
AU - Wang, Wenhao
AU - Liu, Peng
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/5
Y1 - 2021/5
N2 - Cache randomization has recently been revived as a promising defense against conflict-based cache side-channel attacks. As two of the latest implementations, CEASER-S and ScatterCache both claim to thwart conflict-based cache side-channel attacks using randomized skewed caches. Unfortunately, our experiments show that an attacker can easily find a usable eviction set within the chosen remap period of CEASER-S and increasing the number of partitions without dynamic remapping, such as ScatterCache, cannot eliminate the threat. By quantitatively analyzing the access patterns left by various attacks in the LLC, we have newly discovered several problems with the hypotheses and implementations of randomized caches, which are also overlooked by the research on conflict-based cache side-channel attacks.However, cache randomization is not a false hope and it is an effective defense that should be widely adopted in future processors. The newly discovered problems are corresponding to flaws associated with the existing implementation of cache randomization and are fixable. Several new defense ideas are proposed in this paper. Our experiments show that all the newly discovered problems are fixed within the current performance budget. We also argue that randomized set-associative caches can be sufficiently strengthened and possess a better chance to be actually adopted in commercial processors than their skewed counterparts because they introduce less overhaul to the existing cache structure.
AB - Cache randomization has recently been revived as a promising defense against conflict-based cache side-channel attacks. As two of the latest implementations, CEASER-S and ScatterCache both claim to thwart conflict-based cache side-channel attacks using randomized skewed caches. Unfortunately, our experiments show that an attacker can easily find a usable eviction set within the chosen remap period of CEASER-S and increasing the number of partitions without dynamic remapping, such as ScatterCache, cannot eliminate the threat. By quantitatively analyzing the access patterns left by various attacks in the LLC, we have newly discovered several problems with the hypotheses and implementations of randomized caches, which are also overlooked by the research on conflict-based cache side-channel attacks.However, cache randomization is not a false hope and it is an effective defense that should be widely adopted in future processors. The newly discovered problems are corresponding to flaws associated with the existing implementation of cache randomization and are fixable. Several new defense ideas are proposed in this paper. Our experiments show that all the newly discovered problems are fixed within the current performance budget. We also argue that randomized set-associative caches can be sufficiently strengthened and possess a better chance to be actually adopted in commercial processors than their skewed counterparts because they introduce less overhaul to the existing cache structure.
UR - http://www.scopus.com/inward/record.url?scp=85115084910&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115084910&partnerID=8YFLogxK
U2 - 10.1109/SP40001.2021.00050
DO - 10.1109/SP40001.2021.00050
M3 - Conference contribution
AN - SCOPUS:85115084910
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 955
EP - 969
BT - Proceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 42nd IEEE Symposium on Security and Privacy, SP 2021
Y2 - 24 May 2021 through 27 May 2021
ER -