PCG: Mitigating Conflict-based Cache Side-channel Attacks with Prefetching

TL;DR

This paper introduces PCG, a novel prefetching-based scheme that effectively mitigates conflict-based cache side-channel attacks by generating indistinguishable cache access patterns, achieving robust security with minimal performance impact.

Contribution

The paper presents PCG, a new prefetching scheme that combines cache occupancy manipulation to enhance security against cache attacks without significant performance loss.

Findings

PCG outperforms existing solutions in security robustness.

PCG achieves an average of 1.64% performance improvement.

PCG incurs only 1.26% hardware overhead.

Abstract

To defend against conflict-based cache side-channel attacks, cache partitioning or remapping techniques were proposed to prevent set conflicts between different security domains or obfuscate the locations of such conflicts. But such techniques complicate cache design and may result in significant performance penalties. Therefore, there have been lightweight prefetching-based schemes proposed to introduce noise to confuse attackers' observation. However, we have validated experimentally that relying on prefetching to only introduce noise is insufficient, as attackers can still reliably distinguish the victim's cache accesses. This paper proposes a novel prefetching-based scheme, called PCG. It combines adding victim-irrelevant cache occupancy changes and reducing victim-relevant cache occupancy changes to disrupt attackers by generating noisy and indistinguishable cache access patterns. Additionally, PCG can either work independently or seamlessly be integrated with most of the commonly used prefetchers. We have implemented and evaluated PCG in both gem5 and the open-source RISC-V core BOOMv3. The evaluation results show the PCG's robust security superior to the existing solutions, while without resulting in significant performance degradation. According to the evaluation based on the SPEC CPU 2017 benchmark suite, PCG even shows an average performance improvement of about 1.64%. Moreover, it incurs only 1.26% overhead on hardware resource consumption.