Fast Selective Flushing to Mitigate Contention-based Cache Timing Attacks

TL;DR

This paper introduces FaSe, a hardware/software method for fast, selective cache flushing to effectively mitigate contention-based cache timing attacks with minimal performance and hardware overhead.

Contribution

FaSe is the first hardware/software cache flush technique that selectively evicts cache lines, significantly reducing overhead and improving security against cache timing attacks.

Findings

Reduces cache flush overhead by 36-42%.

Less than 1% hardware overhead.

Effectively mitigates cache timing attacks.

Abstract

Caches are widely used to improve performance in modern processors. By carefully evicting cache lines and identifying cache hit/miss time, contention-based cache timing channel attacks can be orchestrated to leak information from the victim process. Existing hardware countermeasures explored cache partitioning and randomization, are either costly, not applicable for the L1 data cache, or are vulnerable to sophisticated attacks. Countermeasures using cache flush exist but are slow since all cache lines have to be evacuated during a cache flush. In this paper, we propose for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FaSe). By utilizing an ISA extension (one flush instruction) and cache modification (additional state bits and control logic), FaSe selectively flushes cache lines and provides a mitigation method with a similar effect to existing methods using naive flushing methods. FaSe is implemented on RISC-V Rocket Core/Chip and evaluated on Xilinx FPGA running user programs and the Linux operating system. Our experimental results show that FaSe reduces time overhead significantly by 36% for user programs and 42% for the operating system compared to the methods with naive flushing, with less than 1% hardware overhead. Our security test shows FaSe is capable of mitigating target cache timing attacks.