Affiliation:
1. National Digital Switching System Engineering and Technological Research Center, Information Engineering University, 7 Jianxuejie, Zhengzhou, He’nan, P. R. China
Abstract
Cache side-channel attacks have been used to extract users' sensitive information, such as cryptographic keys. In particular, reuse-based cache side-channel attacks exploit code or data shared between the attacker and the victim, and can steal secrets with high speed and precision. They severely threaten not only the host level but also the cloud level. Previous defensive measures are either not flexible enough or incur high performance or storage overhead. In this work, we present a dynamic first access isolation cache that overcomes these problems and eliminates reuse-based cache side-channel attacks by providing fine-grained first access isolation. First, [Formula: see text] bits in each cache line record the access information and prevent the attacker from exploiting the first-time cache hit state created by the victim, while keeping the data shared. Second, we use hierarchical security levels and domains to achieve flexible one-way isolation between different domains; a domain can be a group of processes, a single process, or even a fraction of code. Finally, a monitoring-driven dynamic scheduling mechanism can change the level of a domain at run time, which improves the robustness of the new design. The solution works at all cache levels and defends against attackers running both locally and in the cloud. Our implementation in the ZSim simulator demonstrates that the performance overhead is less than 0.1% for the Standard Performance Evaluation Corporation (SPEC) 2017 benchmarks and 0.21% for the multi-threaded benchmarks. It performs better than the original first-time-miss design because of the one-way isolation in our design. The only hardware modifications are the [Formula: see text] bits per cache line and several security registers per hardware context, which bring only 3.71% storage overhead.
Publisher
World Scientific Pub Co Pte Ltd
Subject
Electrical and Electronic Engineering, Hardware and Architecture, Media Technology