Research On Defense Mechanisms Of Cross Core Cache Timing Side Channel Attacks

In today’s information age,precessors are the core component of intelligent devices,and their security is the cornerstone of the whole network security system.Caches bridge the speed gap between processors and main memory,are one of the classic designs commonly adopted by modern processors.However,cache timing side channel attacks exploit the timing difference of different cache hierarchies and memory as a channel to obtain cache access patterns from victim processes,thus extracting unauthorized security-critical information from systems.Moreover,such attacks are also considered an important part of the information disclosure chain by speculative execution vulnerabilities represented by Spectre and Meltdown.This growing threat demonstrates the urgency of building a secure cache.Among cache timing side channel attacks,cross-core cache timing side channel attacks are more threatening scenarios as they relax restrictions,that is,the attacker and the victim do not need to run on the same physical core.While industry and academia have gradually attached importance to such attacks and put forward many mitigations,there are still two shortcomings: 1.The generality of the defense mechanism.Commercial processors may have inclusive or non-inclusive cache architectures for performance,cost,and other factors.Different cache architectures differ in implementation details such as coherency protocol and replacement policies,resulting in a large number of attack variants.Many defense mechanisms do not consider portability between different architectures.2.The defense mechanism of its security risks.Exploiting reverse-engineering,researchers have revealed many unpublicized implementations in systems.This suggests that an attacker may be aware of any deployed defense mechanisms and try to bypass them.However,these defense solutions generally do not take into account the security in this case.This paper focuses on cross-core cache timing side channel attacks,a core security issue in processors.By analyzing the commonality of attacks,this paper explores the balanced cache design of security,cost,and performance from the microarchitecture level.While effectively mitigating attacks(include conflict-based and flush-based side channel attacks),proposed schemes also address the above defects.Overall,the main contributions of this paper include:1.This paper proposes a probabilistic replacement defense policy based on cache set granularity to mitigate conflict-based side channel attacks.The mechanism uses a counter table to record the number of accesses per cache set.Once the value reaches a threshold,the corresponding set is considered suspicious.By introducing invalid and uncacheable requests,the replacement policy for suspicious sets changes,interfering with the attacker’s observations.Specifically,when a request hits the LLC,it evicts a cache line from the corresponding set.If the request occurs an LLC replacement,it takes data from memory and the data no longer enters caches.Combined with probability triggering,this solution mitigates the most threatening conflict-based side channel attacks with negligible performance degradation.2.This paper put forward traffic confusion defense mechanisms based on cache line granularity,which can defend against both conflict-based and flush-based side channel attacks.This paper observes that cross-core cache timing side channel attacks cause the attacked cache lines to migrate frequently be tween caches and memory,exhibiting ping-pong patterns.Since different cache architectures exhibit different types of ping-pong patterns under attacks,we need to design targeted traffic confusion defense mechanisms to interfere with attacks.For inclusive caches,the mechanism extends the directory structure to record the number of LLC-Memory ping-pong each cache line.Once the value reaches a threshold,the corresponding line is retrieved back to caches.For non-inclusive caches,the mechanism extends the directory structure to record the number of L2-LLC and L2-Memory ping-pong each cache line.Once the value reaches a threshold,the corresponding line is identified as suspicious.Defensive actions(retrieves the attacked line back to caches and pins the directory entry to the last-level directory)are triggered to address the two types of ping-pong patterns described above separately.By capturing and obscuring cache lines with suspicious traffic,the mechanism can protect against both conflict-based and flush-based side channel attacks with appropriate hardware overhead.3.This paper put forward a dynamic remapping defense mechanism based on address encryption to eliminate the security risk in traffic confusion defense mechanisms.We demonstrate that attackers can clear protected data from the added regulator directory and bypass the traffic confusion defense mechanism at a second level.In order to eliminate this security risk,a dynamic remapping defense mechanism is proposed.With address encryption and periodic changing keys,the mapping relationship from the physical address to the regulator directory location changes dynamically.With little performance degradation and storage overhead,this approach can tolerate 100+ years of attacks.The defense scheme proposed in this paper can provide a theoretical basis for future security processor design,inspire architecture practitioners to think about microarchitecture design from the perspective of performance,cost,and security balance,and increase China’s technical reserves in this field.