Open access

Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks

Published: 26 January 2012

Abstract

We propose a flexibly partitioned cache design that either drastically weakens or completely eliminates cache-based side-channel attacks. The proposed Non-Monopolizable (NoMo) cache dynamically reserves cache lines for active threads and prevents other co-executing threads from evicting the reserved lines; unreserved lines remain available for dynamic sharing among threads. NoMo requires only simple modifications to the cache replacement logic, making it straightforward to adopt, and it needs no software support, so it automatically protects pre-existing binaries. NoMo degrades performance by about 1% on average. We demonstrate that NoMo can provide strong security guarantees for the AES and Blowfish encryption algorithms.
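The mechanism the abstract describes (each thread keeps a reservation of ways per set that co-running threads cannot evict, with the rest shared LRU-style) can be shown with a small cache model driven by a Prime+Probe round. The code below is an added example written for this page, not the paper's own simulator. It simplifies NoMo in one way that is an assumption of the model: every thread statically owns `reserved_ways` ways in every set, whereas the paper reserves lines only for threads that are currently active. The addresses, the victim's one-line-per-set lookup table and the attacker's eviction buffer are constructed for the demo. With `reserved_ways=0` the same class is the unmodified shared LRU baseline, so the only difference between the leaking and the non-leaking run is the few lines of replacement logic in `_protected`.

```python
"""Toy shared set-associative cache: plain LRU vs. a NoMo-style replacement rule,
exercised by a Prime+Probe attacker against a victim doing a secret-indexed table lookup.

Added example, not the paper's code. Assumption: each thread statically owns
`reserved_ways` ways per set (the paper reserves only for active threads).
"""

LINE_BITS = 6  # 64-byte cache lines


class SharedCache:
    """Set-associative cache shared by several hardware threads.

    Each set is a list of (owner_thread, tag) in LRU order (index 0 = least recently
    used). With reserved_ways == 0 this is ordinary shared LRU.
    """

    def __init__(self, n_sets, ways, n_threads, reserved_ways=0):
        if reserved_ways * n_threads > ways:
            raise ValueError("cannot reserve more ways per set than the set has")
        self.n_sets, self.ways, self.reserved_ways = n_sets, ways, reserved_ways
        self.sets = [[] for _ in range(n_sets)]

    def _index_and_tag(self, addr):
        line = addr >> LINE_BITS
        return line % self.n_sets, line

    def _protected(self, cache_set, requester, owner):
        """NoMo rule: a line belonging to another thread may not be evicted if that
        thread holds no more lines in this set than its reservation."""
        if owner == requester:
            return False
        held = sum(1 for o, _ in cache_set if o == owner)
        return held <= self.reserved_ways

    def access(self, thread, addr):
        """Return True on a hit, False on a miss; fills the line on a miss."""
        idx, tag = self._index_and_tag(addr)
        s = self.sets[idx]
        for i, (_, t) in enumerate(s):
            if t == tag:
                s.append(s.pop(i))  # move to MRU; ownership stays with the filler
                return True
        if len(s) == self.ways:
            for i, (owner, _) in enumerate(s):  # oldest evictable line goes
                if not self._protected(s, thread, owner):
                    del s[i]
                    break
            else:
                raise RuntimeError("no evictable line; reservations exceed capacity")
        s.append((thread, tag))
        return False


ATTACKER, VICTIM = 0, 1
N_SETS, WAYS = 4, 4
TABLE_BASE = 0x10000     # constructed: victim table, one line per set
ATTACKER_BASE = 0x80000  # constructed: attacker eviction buffer


def attacker_line(set_idx, k):
    """k-th attacker line mapping to set `set_idx` (distinct tag for each k)."""
    return ATTACKER_BASE + ((k * N_SETS + set_idx) << LINE_BITS)


def prime_probe(reserved_ways, secret):
    """One Prime+Probe round; returns the attacker's probe misses per set."""
    cache = SharedCache(N_SETS, WAYS, n_threads=2, reserved_ways=reserved_ways)
    for i in range(N_SETS):  # victim warms its table before the attacker runs
        cache.access(VICTIM, TABLE_BASE + (i << LINE_BITS))
    for s in range(N_SETS):  # PRIME: fill every set with attacker lines
        for k in range(WAYS):
            cache.access(ATTACKER, attacker_line(s, k))
    cache.access(VICTIM, TABLE_BASE + (secret << LINE_BITS))  # secret-dependent lookup
    misses = []
    for s in range(N_SETS):  # PROBE in reverse order to avoid LRU self-eviction
        misses.append(sum(not cache.access(ATTACKER, attacker_line(s, k))
                          for k in reversed(range(WAYS))))
    return misses


def infer_secret(misses):
    """Attacker's guess: the set with a unique maximum miss count, else None."""
    top = max(misses)
    peaks = [i for i, m in enumerate(misses) if m == top]
    return peaks[0] if len(peaks) == 1 else None


if __name__ == "__main__":
    for r in (0, 2):
        m = prime_probe(reserved_ways=r, secret=2)
        print(f"reserved_ways={r}: probe misses {m}, inferred secret {infer_secret(m)}")
```

Under plain LRU the attacker's prime evicts the victim's table line, the victim's lookup then evicts one attacker line, and the probe shows a single miss in the set indexed by the secret. With two reserved ways per thread the victim's line survives the prime, the lookup hits, and every set shows the same miss count, so the probe carries no information. If the victim's per-set footprint exceeds its reservation, the excess lines become evictable again and part of the signal returns, which is the "drastically weakens" case in the abstract.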

References

[1] Acıiçmez, O. and Koç, Ç. K. 2006. Trace-driven cache attacks on AES. Cryptology ePrint Archive, rep. 2006/138.
[2] ARM. 2010--2011. Cortex-R5 and Cortex-R5F technical reference manual, revision r1p1. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0460c/DDI0460C_cortexr5_trm.pdf (accessed 7/11).
[3] Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., and Sporleder, C. 2010. Acoustic side-channel attacks on printers. In Proceedings of the USENIX Security Symposium.
[4] Bangerter, E., Gullasch, D., and Krenn, S. 2011. Cache games: Bringing access-based cache attacks on AES to practice. In Proceedings of the IEEE Symposium on Security and Privacy.
[5] Bernstein, D. J. 2005. Cache-timing attacks on AES. http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
[6] Biham, E. and Shamir, A. 1991. Differential cryptanalysis of DES-like cryptosystems. J. Cryptology 4, 1, 3--72.
[7] Blowfish. 2009. The Blowfish encryption algorithm. http://www.schneier.com/blowfish.html.
[8] Bonneau, J. and Mironov, I. 2006. Cache-collision timing attacks against AES. In Proceedings of the CHES Workshop.
[9] Brickell, E., Graunke, G., Neve, M., and Seifert, J.-P. 2006. Software mitigations to hedge AES against cache-based software side channel vulnerabilities. IACR ePrint Archive, rep. 2006/052.
[10] Canteaut, A., Lauradoux, C., and Seznec, A. 2006. Understanding cache attacks. INRIA Tech. Rep. RR-5881. ftp://ftp.inria.fr/INRIA/publication/publi-pdf/RR/RR-5881.pdf.
[11] Daemen, J. and Rijmen, V. 2002. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer.
[12] Goubin, L. and Patarin, J. 1999. DES and differential power analysis. In Proceedings of CHES.
[13] Gueron, S. 2008. Advanced Encryption Standard (AES) instruction set. White paper, Intel.
[14] Jaleel, A., Theobald, K., Steely, S., and Emer, J. 2010. High performance cache replacement using re-reference interval prediction (RRIP). In Proceedings of the International Symposium on Computer Architecture (ISCA).
[15] Kelsey, J., Schneier, B., Wagner, D., and Hall, C. 1998. Side channel cryptanalysis of product ciphers. In Proceedings of the 5th European Symposium on Research in Computer Security (ESORICS). 97--110.
[16] Keramidas, G., Antonopoulos, A., Serpanos, D., and Kaxiras, S. 2008. Non-deterministic caches: A simple and effective defense against side channel attacks. Design Automation for Embedded Systems.
[17] Kong, J., Acıiçmez, O., Seifert, J.-P., and Zhou, H. 2009. Hardware-software integrated approaches to defend against software cache-based side channel attacks. In Proceedings of the International Symposium on High Performance Computer Architecture (HPCA).
[18] Köpf, B. and Basin, D. 2007. An information-theoretic model for adaptive side-channel attacks. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). 286--296.
[19] Lee, R. B. and Chen, Y.-Y. 2010. Processor accelerator for AES. In Proceedings of the Symposium on Application Specific Processors (SASP).
[20] Luk, C.-K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V. J., and Hazelwood, K. 2005. Pin: Building customized program analysis tools with dynamic instrumentation. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI).
[21] Luo, K. and Franklin, M. 2001. Balancing throughput and fairness in SMT processors. In Proceedings of the International Symposium on Performance Analysis of Systems and Software (ISPASS).
[22] Matsui, M. 1994. Linear cryptanalysis method for DES cipher. In Advances in Cryptology (EUROCRYPT '93). 386--397.
[23] May, D., Muller, H. L., and Smart, N. P. 2001. Random register renaming to foil DPA. In Proceedings of CHES.
[24] MiBench. 2009. The MiBench benchmark suite. http://www.eecs.umich.edu/mibench/.
[25] Micali, S. and Reyzin, L. 2004. Physically observable cryptography. In Proceedings of the Theory of Cryptography Conference (TCC).
[26] Intel. 2009. First the tick, now the tock: Intel microarchitecture (Nehalem). http://www.intel.com/technology/architecture-silicon/next-gen/319724.pdf.
[27] Osvik, D. A., Shamir, A., and Tromer, E. 2005. Cache attacks and countermeasures: The case of AES. Cryptology ePrint Archive, rep. 2005/271.
[28] Page, D. 2005. Partitioned cache architecture as a side-channel defense mechanism. Cryptology ePrint Archive.
[29] Percival, C. 2005. Cache missing for fun and profit. http://www.daemonology.net/papers/htt.pdf.
[30] PinPoints. 2009. PinPoints home page. http://www.cs.virginia.edu/wiki/pin/index.php/PinPoints.
[31] Qureshi, M. K. and Patt, Y. N. 2006. Utility-based cache partitioning: A low-overhead, high-performance, runtime mechanism to partition shared caches. In Proceedings of the International Symposium on Microarchitecture (MICRO-39). 423--432.
[32] Random.org. 2009. http://www.random.org/.
[33] Side channel attacks database. 2009. http://www.sidechannelattacks.com.
[34] Spradling, C. D. 2007. SPEC CPU2006 benchmark tools. SIGARCH Comput. Archit. News 35, 1, 130--134.
[35] Standaert, F.-X., Peeters, E., Archambeau, C., and Quisquater, J.-J. 2006. Towards security limits in side-channel attacks. In Proceedings of the CHES Workshop.
[36] Suh, G. E., Rudolph, L., and Devadas, S. 2001. Dynamic cache partitioning for simultaneous multithreading systems. In Proceedings of the International Conference on Parallel and Distributed Computing and Systems (PDCS'01).
[37] Tromer, E., Osvik, D. A., and Shamir, A. 2009. Efficient cache attacks on AES, and countermeasures. J. Cryptology.
[38] Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., and Miyauchi, H. 2003. Cryptanalysis of DES implemented on computers with cache. In Proceedings of the Cryptographic Hardware and Embedded Systems (CHES) Workshop. 62--76.
[39] Tsunoo, Y., Tsujihara, E., Minematsu, K., and Miyauchi, H. 2002. Cryptanalysis of block ciphers implemented on computers with cache. In Proceedings of the International Symposium on Information Theory and Its Applications (ISITA).
[40] Wang, Z. and Lee, R. B. 2007. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the International Symposium on Computer Architecture (ISCA).
[41] Wang, Z. and Lee, R. B. 2008. A novel cache architecture with enhanced performance and security. In Proceedings of the International Symposium on Microarchitecture (MICRO).
[42] Xie, Y. and Loh, G. H. 2009. PIPP: Promotion/insertion pseudo-partitioning of multi-core shared caches. In Proceedings of the International Symposium on Computer Architecture (ISCA).
[43] Zhao, X. and Wang, T. 2010. Improved cache trace attack on AES and CLEFIA by considering cache miss and S-box misalignment. Cryptology ePrint Archive, rep. 2010/056.
[44] Zhou, S. 2010. An efficient simulation algorithm for cache of random replacement policy. Lecture Notes in Computer Science vol. 6289, 144--154.


    Published In

    ACM Transactions on Architecture and Code Optimization, Volume 8, Issue 4
    Special Issue on High-Performance Embedded Architectures and Compilers
    January 2012, 765 pages
    ISSN: 1544-3566
    EISSN: 1544-3973
    DOI: 10.1145/2086696

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 26 January 2012
    Accepted: 01 November 2011
    Revised: 01 October 2011
    Received: 01 July 2011
    Published in TACO Volume 8, Issue 4


    Author Tags

    1. Side-channel attacks
    2. secure architectures
    3. shared caches

    Qualifiers

    • Research-article
    • Research
    • Refereed


    Cited By

    • (2024) WebGPU-SPY: Finding Fingerprints in the Sandbox through GPU Cache Attacks. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 158-171. DOI: 10.1145/3634737.3637648. Online publication date: 1-Jul-2024.
    • (2024) ZeroShield: Transparently Mitigating Code Page Sharing Attacks With Zero-Cost Stand-By. IEEE Transactions on Information Forensics and Security 19, 7389-7403. DOI: 10.1109/TIFS.2024.3435062. Online publication date: 1-Jan-2024.
    • (2024) PrometheusMigrate: Efficient Live Migration of Confidential Virtual Machine with Software Abstraction. 2024 IEEE International Conference on Joint Cloud Computing (JCC), 1-8. DOI: 10.1109/JCC62314.2024.00008. Online publication date: 15-Jul-2024.
    • (2024) A Fine-Grained Dynamic Partitioning Against Cache-Based Timing Attacks via Cache Locking. 2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 173-179. DOI: 10.1109/ISVLSI61997.2024.00041. Online publication date: 1-Jul-2024.
    • (2024) The Maya Cache: A Storage-efficient and Secure Fully-associative Last-level Cache. 2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA), 32-44. DOI: 10.1109/ISCA59077.2024.00013. Online publication date: 29-Jun-2024.
    • (2024) Shielding secrets: developing an enigmatic defense system with deep learning against side channel attacks. Discover Sustainability 5:1. DOI: 10.1007/s43621-024-00455-4. Online publication date: 10-Sep-2024.
    • (2024) Cloud security game theory scoring from predation models in simulation. Cluster Computing 27:3, 2381-2398. DOI: 10.1007/s10586-023-04067-x. Online publication date: 1-Jun-2024.
    • (2024) Formal Hardware/Software Models for Cache Locking Enabling Fast and Secure Code. Computer Security - ESORICS 2024, 153-173. DOI: 10.1007/978-3-031-70896-1_8. Online publication date: 6-Sep-2024.
    • (2023) RSPP: Restricted Static Pseudo-Partitioning for Mitigation of Cross-Core Covert Channel Attacks. ACM Transactions on Design Automation of Electronic Systems 29:2, 1-22. DOI: 10.1145/3637222. Online publication date: 13-Dec-2023.
    • (2023) Uncore Encore: Covert Channels Exploiting Uncore Frequency Scaling. Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture, 843-855. DOI: 10.1145/3613424.3614259. Online publication date: 28-Oct-2023.
