A novel cache architecture with enhanced performance and security
Zhenghong Wang,Ruby B. Lee +1 more
- pp 83-93
Reads0
Chats0
TLDR
The results show that the proposed cache architecture has low miss rates comparable to a highly associative cache and short access times and power efficiency close to that of a direct-mapped cache, and can thwart cache-based software side-channel attacks, providing both legacy and security-enhanced software a much higher degree of security.Abstract:
Caches ideally should have low miss rates and short access times, and should be power efficient at the same time. Such design goals are often contradictory in practice. Recent findings on efficient attacks based on information leakage in caches have also brought the security issue up front. Design for security introduces even more restrictions and typically leads to significant performance degradation. This paper presents a novel cache architecture that can simultaneously achieve the above goals. Specifically, cache miss rates are reduced with dynamic remapping and longer cache indices, access-time overhead overcome with astute low-level circuit design, and information leakage thwarted by a security-aware cache replacement algorithm together with the performance enhancing mechanisms. We present both theoretical analysis and experimental results, using the SPEC2000 suite to evaluate the cache miss behavior, and CACTI and HSPICE to validate the circuit design. Our results show that the proposed cache architecture has low miss rates comparable to a highly associative cache and short access times and power efficiency close to that of a direct-mapped cache. At the same time it can thwart cache-based software side-channel attacks, providing both legacy and security-enhanced software a much higher degree of security. Additional benefits that the proposed cache architecture can bring, like fault tolerance and hot-spot mitigation, are also discussed briefly.read more
Citations
More filters
Proceedings ArticleDOI
Last-Level Cache Side-Channel Attacks are Practical
TL;DR: This work presents an effective implementation of the Prime+Probe side-channel attack against the last-level cache of GnuPG, and achieves a high attack resolution without relying on weaknesses in the OS or virtual machine monitor or on sharing memory between attacker and victim.
Journal ArticleDOI
Security and Privacy in Cloud Computing
Zhifeng Xiao,Yang Xiao +1 more
TL;DR: The authors obtain a common goal to provide a comprehensive review of the existing security and privacy issues in cloud environments to present the relationships among them, the vulnerabilities that may be exploited by attackers, the threat models, as well as existing defense strategies in a cloud scenario.
Book ChapterDOI
Flush+Flush: A Fast and Stealthy Cache Attack
TL;DR: The Flush+Flush attack as mentioned in this paper uses the execution time of the flush instruction, which depends on whether data is cached or not, to reduce the number of cache misses.
Proceedings ArticleDOI
Cache template attacks: automating attacks on inclusive last-level caches
TL;DR: An automated attack on the T-table-based AES implementation of OpenSSL that is as efficient as state-of-the-art manual cache attacks and can reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems is performed.
Proceedings ArticleDOI
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis
TL;DR: Home Alone is introduced, a system that lets a tenant verify its VMs' exclusive use of a physical machine by using a side-channel in the L2 memory cache as a novel, defensive detection tool.
References
More filters
Proceedings ArticleDOI
Improving direct-mapped cache performance by the addition of a small fully-associative cache and prefetch buffers
TL;DR: In this article, a hardware technique to improve the performance of caches is presented, where a small fully-associative cache between a cache and its refill path is used to place prefetched data and not in the cache.
Posted Content
Cache attacks and Countermeasures: the Case of AES.
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Book ChapterDOI
Cache attacks and countermeasures: the case of AES
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Proceedings ArticleDOI
New cache designs for thwarting software cache-based side channel attacks
Zhenghong Wang,Ruby B. Lee +1 more
TL;DR: The results show that the new cache designs with built-in security can defend against cache-based side channel attacks in general-rather than only specific attacks on a given cryptographic algorithm-with very little performance degradation and hardware cost.
Book ChapterDOI
Cache-collision timing attacks against AES
Joseph Bonneau,Ilya Mironov +1 more
TL;DR: The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 213 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type.
Related Papers (5)
New cache designs for thwarting software cache-based side channel attacks
Zhenghong Wang,Ruby B. Lee +1 more
FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack
Yuval Yarom,Katrina Falkner +1 more