IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction - ICT Systems Security and Privacy Protection
Conference Papers, Year: 2020

IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction

Abstract

Protecting critical information against eviction-based cache side-channel attacks has always been challenging. In these attacks, the attacker reveals secrets by observing cache lines evicted by co-running applications. A precondition for such attacks is that the attacker needs a set of cache lines mapped to memory addresses belonging to the victim, called an eviction set. The attacker learns an eviction set by loading cache lines at random and then observing their evictions as a result of a victim access. We have found that the relation between the incoming memory location and the resulting evicted cache line eases the learning of an eviction set. In this paper, we propose the Indirect Eviction Cache (IE-Cache), which is based on the principle of indirect eviction to harden the building of an eviction set. In an eviction process of IE-Cache, the incoming memory triggers a series of replacements based on the cached memory addresses and a secure-indexing function, and the last replaced cache line is evicted. This increases the set size and introduces non-evicting cache lines in the eviction set. Through experimental results, we have shown that a 4-way set-associative IE-Cache having 1 MB and up to 3 replacements per eviction would require an attacker to generate $\approx 2^{59}$ memory accesses to learn an eviction set with 99% confidence. Moreover, it achieves 1–3% speedup compared to a set-associative cache with a random-replacement policy on PARSEC benchmarks.
Main file: 497034_1_En_3_Chapter.pdf (565.76 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03440838, version 1 (22-11-2021)

Cite

Muhammad Asim Mukhtar, Muhammad Khurram Bhatti, Guy Gogniat. IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.32-45, ⟨10.1007/978-3-030-58201-2_3⟩. ⟨hal-03440838⟩