The Avatar Cache: Enabling On-Demand Security with Morphable Cache Architecture

TL;DR

The paper introduces Avatar, a versatile cache architecture that dynamically switches between secure and non-secure modes with minimal overhead, enhancing cache security without sacrificing performance.

Contribution

It presents Avatar, a morphable LLC design supporting multiple security modes with seamless switching, achieving strong security guarantees and low overheads compared to prior secure cache solutions.

Findings

Avatar-R achieves near-absolute security with minimal capacity loss.

Avatar-P significantly reduces conflict and occupancy attacks with low performance overhead.

Avatar can switch modes dynamically, optimizing security and efficiency as needed.

Abstract

The sharing of the last-level cache (LLC) among multiple cores makes it vulnerable to cross-core conflict- and occupancy-based attacks. Despite extensive prior work, modern processors still employ non-secure set-associative LLCs. Existing secure LLC designs broadly fall into two categories: (i) randomized and (ii) partitioned. The state-of-the-art randomized design, Mirage, mitigates conflict-based attacks but incurs significant area overhead (20% additional storage) and design complexity. Partitioned LLCs mitigate both conflict- and occupancy-based attacks, but often suffer from large performance overheads (on average over 5% and up to 49%), require OS support in set-based schemes, or face scalability issues in way-based schemes. These factors pose major obstacles to the industrial adoption of secure LLCs. This paper asks whether strong LLC security can be achieved with minimal changes to a conventional set-associative LLC, enabling security only when needed while preserving low performance, power, and area overheads. We propose Avatar, a secure and morphable LLC that supports three modes: non-secure (Avatar-N), randomized secure (Avatar-R), and partitioned secure (Avatar-P), and can switch dynamically between them. Avatar closely resembles a conventional set-associative LLC, facilitating industrial adoption. Avatar-R introduces extra invalid entries and leverages high associativity to provide a strong security guarantee with little capacity loss, achieving only one set-associative eviction per $10^{30}$ years, while incurring 1.5% storage overhead, a 2.7% increase in static power, and a 0.2% slowdown over a 16~MB baseline. Avatar-P mitigates both conflict- and occupancy-based attacks with only a 3% performance overhead, substantially outperforming prior way-based partitioned LLCs. When security is unnecessary, Avatar switches to Avatar-N to maximize performance and energy efficiency.