Random and Safe Cache Architecture to Defeat Cache Timing Attacks

TL;DR

This paper introduces RaS cache architectures that randomize cache contents to prevent cache timing attacks, effectively defending against various attack types with minimal performance impact.

Contribution

The paper presents a comprehensive cache architecture solution that addresses all known cache timing attacks, combining randomness and safety to enhance security.

Findings

RaS-Spec incurs only 3.8% performance overhead.

RaS+ variants achieve security with 7.9% to 45.2% overhead.

The approach effectively mitigates both speculative and non-speculative cache attacks.

Abstract

Caches have been exploited to leak secret information due to the different times they take to handle memory accesses. Cache timing attacks include non-speculative cache side and covert channel attacks and cache-based speculative execution attacks. We first present a systematic view of the attack and defense space and show that no existing defense has addressed all cache timing attacks, which we do in this paper. We propose Random and Safe (RaS) cache architectures to decorrelate cache state changes from memory requests. RaS fills the cache with ``safe'' cache lines that are likely to be used in the future, rather than with demand-fetched, security-sensitive lines. RaS lifts the restriction on cache fills for accesses that become safe when speculative execution is resolved and authorized. Our RaS-Spec design against cache-based speculative execution attacks has a low 3.8% average performance overhead. RaS+ variants against both speculative and non-speculative attacks have security-performance trade-offs ranging from 7.9% to 45.2% average overhead.