| For decades computers have been designed to run applications fast and energy efficient.As one of the key enabling techniques,caches are utilized to bring recently and frequently used data close to cores.In a typical multi-core computer,each core has its private caches while all cores share a large last-level cache.Since caches are designed to be functionally transparent to software,address space isolation,which provides much of the operating system's security,is relaxed in exchange for extra caching performance gain.For an example,all levels of caches are obliviously shared by multiple processes.Although the accesses towards cached data are strictly regulated by the permission bits in page tables,and the data consistency and coherency is well guaranteed by memory models and coherence protocols,resource isolation is systematically ignored.Contention-based cache side-channel attacks are difficult to defeat because the current implementations of caches expose their internal data layout to software.It allows an attacker to deterministically infer useful information by using sequences of seemingly harmless cache accesses.Cache partitioning is the state-of-the-art defense against contention-based cache side-channel attacks.However,utilizing cache partitioning as a practical defense is far from ideal in reality.Cache partitioning works only when it can differentiate the attacker's data from the victim's data but this differentiation is neither strictly enforced in practice nor future-proof.Cache partitioning also affects the autonomy of cache replacement and hurts performance.Current cache partitioning fails to defeat the recent An C attack.This paper proposes a new one-of-a-kind defense against contention-based cache side-channel attacks.Instead of taking attackers' capability to observe the cache layout for granted and introducing cache partitioning which complicates the cache replacement policy and compromises the cache transparency,it is better to deprive attackers of their ability in observing the cache layout and to actually strengthen the cache transparency.The proposed defense is based on a remapped cache layout(RCL).The defense can defeat the recent An C attack and all the known contention-based cache side-channel attacks.The design principles of the proposed defense also imply that the defense should be future-proof(i.e.,can defeat future contention-based attacks).Two remapped cache layout(RCL)schemes,namely RCLHash and RCL-Random,have been presented.RCL-Hash is an effective defense when an OS actively randomizes its physical to virtual page mapping,while RCL-Random is an independent defense which works effectively with existing offthe-shelf OSs.Both RCL schemes have been added into a typical design of a Linux-ready superscalar processor.Collected from running the SPEC 2006 benchmark on the RCL supported processor in an FPGA and the Gem5 simulator(for a wider range of processor parameters),the detailed evaluation results show that RCL incurs marginal cost in area and clock frequency,and a small overhead in execution time. |
PDF Full Text Request