Remapped Cache Layout: Thwarting Cache-Based Side-Channel Attacks with a Hardware Defense
Wei Song, Rui Hou, Peng Liu, Xiaoxin Li, Peinan Li, Lutan Zhao, Xiaofei Fu, Yifei Sun, Dan Meng

TL;DR
This paper introduces Remapped Cache Layout (RCL), a hardware-based method that obfuscates address-to-cache set mappings to prevent a wide range of conflict-based cache side-channel attacks, with minimal performance impact.
Contribution
RCL is the first hardware defense that effectively thwarts conflict-based cache side-channel attacks that bypass existing protections like cache partitioning and address space randomization.
Findings
RCL successfully prevents various conflict-based side-channel attacks.
Implementation of RCL incurs minimal area, frequency, and execution time costs.
RCL is effective against attacks that create eviction sets or bypass address randomization.
Abstract
As cache-based side-channel attacks become serious security problems, various defenses have been proposed and deployed in both software and hardware. Consequently, cache-based side-channel attacks on processes co-residing on the same core are becoming extremely difficult. Most recent attacks then shift their focus to the last-level cache (LLC). Although cache partitioning is currently the most promising defense against the attacks abusing LLC, it is ineffective in thwarting the side-channel attacks that automatically create eviction sets or bypass the user address space layout randomization. In fact, these attacks are largely undefended in current computer systems. We propose Remapped Cache Layout (RCL) -- a pure hardware defense against a broad range of conflict-based side-channel attacks. RCL obfuscates the mapping from address to cache sets; therefore, an…
Taxonomy
Topics: Security and Verification in Computing · Semiconductor materials and devices · Advanced Memory and Neural Computing
