TY - GEN
T1 - Secure hierarchy-aware cache replacement policy (SHARP)
T2 - 44th Annual International Symposium on Computer Architecture - ISCA 2017
AU - Yan, Mengjia
AU - Gopireddy, Bhargava
AU - Shull, Thomas
AU - Torrellas, Josep
N1 - Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/6/24
Y1 - 2017/6/24
N2 - In cache-based side channel attacks, a spy that shares a cache with a victim probes cache locations to extract information on the victim's access patterns. For example, in evict+reload, the spy repeatedly evicts and then reloads a probe address, checking if the victim has accessed the address in between the two operations. While there are many proposals to combat these cache attacks, they all have limitations: they either hurt performance, require programmer intervention, or can only defend against some types of attacks. This paper makes the following observation for an environment with an inclusive cache hierarchy: when the spy evicts the probe address from the shared cache, the address will also be evicted from the private cache of the victim process, creating an inclusion victim. Consequently, to disable cache attacks, this paper proposes to alter the line replacement algorithm of the shared cache, to prevent a process from creating inclusion victims in the caches of cores running other processes. By enforcing this rule, the spy cannot evict the probe address from the shared cache and, hence, cannot glimpse any information on the victim's access patterns. We call our proposal SHARP (Secure Hierarchy-Aware cache Replacement Policy). SHARP effciently defends against all existing cross-core shared-cache attacks, needs only minimal hardware modifcations, and requires no code modifcations. We implement SHARP in a cycle-level full-system simulator. We show that it protects against real-world attacks, and that it introduces negligible average performance degradation.
AB - In cache-based side channel attacks, a spy that shares a cache with a victim probes cache locations to extract information on the victim's access patterns. For example, in evict+reload, the spy repeatedly evicts and then reloads a probe address, checking if the victim has accessed the address in between the two operations. While there are many proposals to combat these cache attacks, they all have limitations: they either hurt performance, require programmer intervention, or can only defend against some types of attacks. This paper makes the following observation for an environment with an inclusive cache hierarchy: when the spy evicts the probe address from the shared cache, the address will also be evicted from the private cache of the victim process, creating an inclusion victim. Consequently, to disable cache attacks, this paper proposes to alter the line replacement algorithm of the shared cache, to prevent a process from creating inclusion victims in the caches of cores running other processes. By enforcing this rule, the spy cannot evict the probe address from the shared cache and, hence, cannot glimpse any information on the victim's access patterns. We call our proposal SHARP (Secure Hierarchy-Aware cache Replacement Policy). SHARP effciently defends against all existing cross-core shared-cache attacks, needs only minimal hardware modifcations, and requires no code modifcations. We implement SHARP in a cycle-level full-system simulator. We show that it protects against real-world attacks, and that it introduces negligible average performance degradation.
KW - Cache
KW - Cache replacement
KW - Security
KW - Side channel
UR - http://www.scopus.com/inward/record.url?scp=85025667608&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85025667608&partnerID=8YFLogxK
U2 - 10.1145/3079856.3080222
DO - 10.1145/3079856.3080222
M3 - Conference contribution
AN - SCOPUS:85025667608
T3 - Proceedings - International Symposium on Computer Architecture
SP - 347
EP - 360
BT - ISCA 2017 - 44th Annual International Symposium on Computer Architecture - Conference Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 June 2017 through 28 June 2017
ER -