Abstract
Randomization has proven to be a effective defense against conflict-based side-channel attacks in a shared cache. It improves security by assigning a unique randomization scheme to each security domain, e.g., though a different hashing function. However, if two domains have shared data, the domains must be fused in order to guarantee correctness (i.e., data coherence). Such domain fusion significantly reduces the effectiveness of randomization and weakens its security protection. We propose randomization with sharing (RAWS), which enables secure cross-domain accesses while enforcing cache coherence (and thus data coherence). Based on RAWS, we design a non-fusion based inter-domain coherence protocol (NF-IDCP). NF-IDCP enables cache coherence by looking up and flushing multiple cache lines associated with shared-writable data during their cross-domain accesses. Furthermore, NF-IDCP uses constant-delay banking to securely reduce the latency of the cache line flushes. We also use a secure tag-based filter (STF) to reduce flush costs, for example, by explicitly storing the exact cache locations to be flushed. The security evaluation shows that conflict attacks on the optimized NF-IDCP structures cannot leak conflict observations at a meaningful rate. Attack simulations using CacheFX demonstrate that domain fusion significantly retards the protection provided by randomization schemes. Performance overhead of SPECrate 2017 and PARSEC 3.0 benchmarks is evaluated on ZSim, a microarchitectural simulator. To study the performance impact on realistic workloads, such as Firefox, Chromium and X Server, we use a cache simulator built on top of PANDA, a full-system emulator. Across all configurations, the average performance overhead is less than 5%, and the hardware overhead is less than 3% compared to a domain-fused randomization.
Original language | English (US) |
---|---|
Title of host publication | ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security |
Publisher | Association for Computing Machinery, Inc |
Pages | 186-202 |
Number of pages | 17 |
ISBN (Electronic) | 9798400704826 |
State | Published - Jul 1 2024 |
Event | 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 - Singapore, Singapore Duration: Jul 1 2024 → Jul 5 2024 |
Publication series
Name | ACM AsiaCCS 2024 - Proceedings of the 19th ACM Asia Conference on Computer and Communications Security |
---|
Conference
Conference | 19th ACM Asia Conference on Computer and Communications Security, AsiaCCS 2024 |
---|---|
Country/Territory | Singapore |
City | Singapore |
Period | 7/1/24 → 7/5/24 |
Bibliographical note
Publisher Copyright:© 2024 Copyright held by the owner/author(s).
Keywords
- Cache
- Coherence
- Randomization
- Sharing
- Side-channel