RollingCache: Using Runtime Behavior to Defend Against Cache Side Channel Attacks
Divya Ojha, Sandhya Dwarkadas

TL;DR
RollingCache introduces a dynamic cache mapping technique that adapts at runtime to prevent contention-based side channel attacks without relying on encryption or partitioning, maintaining low performance overhead.
Contribution
It proposes a novel cache design that dynamically changes address mappings to defend against contention attacks, unlike prior static or partitioning-based methods.
Findings
Reduces deterministic contention signals
Achieves 1.67% performance overhead
Effectively defends against cache side channel attacks
Abstract
Shared caches are vulnerable to side channel attacks through contention in cache sets. Besides being a simple source of information leak, these side channels form useful gadgets for more sophisticated attacks that compromise the security of shared systems. The fundamental design aspect that contention attacks exploit is the deterministic nature of the set of addresses contending for a cache set. In this paper, we present RollingCache, a cache design that defends against contention attacks by dynamically changing the set of addresses contending for cache sets. Unlike prior defenses, RollingCache does not rely on address encryption/decryption, data relocation, or cache partitioning. We use one level of indirection to implement dynamic mapping controlled by the whole-cache runtime behavior. Our solution does not depend on having defined security domains, and can defend against an…
Taxonomy
Topics: Security and Verification in Computing · Cryptographic Implementations and Security · Advanced Malware Detection Techniques
