TY - GEN
T1 - Adaptive caches as a defense mechanism against cache side-channel attacks
AU - Bandara, Sahan
AU - Kinsy, Michel A.
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/11/15
Y1 - 2019/11/15
N2 - Side-channel attacks exploit architectural features of computing systems and algorithmic properties of applications executing on these systems to steal sensitive information. Cache side-channel attacks are more powerful and practical compared to other classes of side-channel attacks due to several factors, such as the ability to be mounted without physical access to the system. Some secure cache architectures have been proposed to counter side-channel attacks. However, they all incur significant performance overheads. This work explores the viability of using adaptive caches, which are conventionally used as a performance-oriented architectural feature, as a defense mechanism against cache side-channel attacks. We conduct an empirical analysis, starting from establishing a baseline for the attacker's ability to infer information regarding the memory accesses of the victim process when there is no active defense mechanism in place and the attacker is fully aware of all the cache parameters. Then, we analyze the effectiveness of the attack without complete knowledge of the cache configuration. Finally, based on the insight that the success of the attack is heavily dependent on knowledge of the cache configuration, we implement the run-time cache reconfigurations and observe their effect on the success of the attack. We observe that reconfiguring different cache parameters during a side-channel attack reduces the accuracy of the attack in detecting cache sets accessed by the victim by 44% on average, with a maximum of 90% reduction.
KW - Attack mitigation
KW - Cache side-channel attack
KW - Reconfigurable cache
UR - http://www.scopus.com/inward/record.url?scp=85075865184&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075865184&partnerID=8YFLogxK
U2 - 10.1145/3338508.3359574
DO - 10.1145/3338508.3359574
M3 - Conference contribution
AN - SCOPUS:85075865184
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 55
EP - 64
BT - ASHES 2019 - Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop
PB - Association for Computing Machinery
T2 - 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES 2019, a Post-Conference Satellite Workshop of the ACM Conference on Computer and Communications Security, CCS 2019
Y2 - 15 November 2019
ER -