PREFENDER: A Prefetching Defender against Cache Side Channel Attacks as A Pretender

TL;DR

Prefender is a novel prefetcher that predicts attack-related cache accesses to defend against cache side channel attacks while maintaining or improving system performance.

Contribution

It introduces Prefender, a prefetching mechanism that enhances security against cache side channel attacks without sacrificing performance.

Findings

Effective against multiple cache side channel attacks

Maintains or improves performance on SPEC benchmarks

Balances security and efficiency successfully

Abstract

Cache side channel attacks are increasingly alarming in modern processors due to the recent emergence of Spectre and Meltdown attacks. A typical attack performs intentional cache access and manipulates cache states to leak secrets by observing the victim's cache access patterns. Different countermeasures have been proposed to defend against both general and transient execution based attacks. Despite their effectiveness, they mostly trade some level of performance for security, or have restricted security scope. In this paper, we seek an approach to enforcing security while maintaining performance. We leverage the insight that attackers need to access cache in order to manipulate and observe cache state changes for information leakage. Specifically, we propose Prefender, a secure prefetcher that learns and predicts attack-related accesses for prefetching the cachelines to simultaneously help security and performance. Our results show that Prefender is effective against several cache side channel attacks while maintaining or even improving performance for SPEC CPU 2006 and 2017 benchmarks.