Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It
Wei Song, Boya Li, Zihan Xue, Zhenzhen Li, Wenhao Wang, Peng Liu

TL;DR
This paper demonstrates that current randomized last-level cache defenses are still vulnerable to side-channel attacks, identifies specific flaws, and proposes effective fixes that maintain performance, advocating for their adoption in future processors.
Contribution
It reveals vulnerabilities in existing randomized cache defenses, analyzes attack patterns, and introduces new fix strategies that enhance security without significant performance loss.
Findings
Existing randomized caches are vulnerable to eviction set attacks.
Proposed fixes successfully eliminate vulnerabilities within performance budgets.
Randomized set-associative caches are more practical for commercial adoption.
Abstract
Cache randomization has recently been revived as a promising defense against conflict-based cache side-channel attacks. As two of the latest implementations, CEASER-S and ScatterCache both claim to thwart conflict-based cache side-channel attacks using randomized skewed caches. Unfortunately, our experiments show that an attacker can easily find a usable eviction set within the chosen remap period of CEASER-S, and that increasing the number of partitions without dynamic remapping, as in ScatterCache, cannot eliminate the threat. By quantitatively analyzing the access patterns left by various attacks in the LLC, we have newly discovered several problems with the hypotheses and implementations of randomized caches, which are also overlooked by the research on conflict-based cache side-channel attacks. However, cache randomization is not a false hope and it is an effective defense that should…
