Non-Fusion Based Coherent Cache Randomization Using Cross-Domain Accesses

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Randomization has proven to be a effective defense against conflict-based side-channel attacks in a shared cache. It improves security by assigning a unique randomization scheme to each security domain, e.g., though a different hashing function. However, if two domains have shared data, the domains must be fused in order to guarantee correctness (i.e., data coherence). Such domain fusion significantly reduces the effectiveness of randomization and weakens its security protection. We propose randomization with sharing (RAWS), which enables secure cross-domain accesses while enforcing cache coherence (and thus data coherence). Based on RAWS, we design a non-fusion based inter-domain coherence protocol (NF-IDCP). NF-IDCP enables cache coherence by looking up and flushing multiple cache lines associated with shared-writable data during their cross-domain accesses. Furthermore, NF-IDCP uses constant-delay banking to securely reduce the latency of the cache line flushes. We also use a secure tag-based filter (STF) to reduce flush costs, for example, by explicitly storing the exact cache locations to be flushed. The security evaluation shows that conflict attacks on the optimized NF-IDCP structures cannot leak conflict observations at a meaningful rate. Attack simulations using CacheFX demonstrate that domain fusion significantly retards the protection provided by randomization schemes. Performance overhead of SPECrate 2017 and PARSEC 3.0 benchmarks is evaluated on ZSim, a microarchitectural simulator. To study the performance impact on realistic workloads, such as Firefox, Chromium and X Server, we use a cache simulator built on top of PANDA, a full-system emulator. Across all configurations, the average performance overhead is less than 5%, and the hardware overhead is less than 3% compared to a domain-fused randomization.

Original languageEnglish (US)
Title of host publicationACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery, Inc
Pages186-202
Number of pages17
ISBN (Electronic)9798400704826
StatePublished - Jul 1 2024
Event19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 - Singapore, Singapore
Duration: Jul 1 2024Jul 5 2024

Publication series

NameACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Conference

Conference19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024
Country/TerritorySingapore
CitySingapore
Period7/1/247/5/24

Bibliographical note

Publisher Copyright:
© 2024 Copyright held by the owner/author(s).

Keywords

  • Cache
  • Coherence
  • Randomization
  • Sharing
  • Side-channel

Fingerprint

Dive into the research topics of 'Non-Fusion Based Coherent Cache Randomization Using Cross-Domain Accesses'. Together they form a unique fingerprint.

Cite this