First Time Miss: Low Overhead Mitigation for Shared Memory Cache Side Channels [conference paper]

Conference

49th International Conference on Parallel Processing – August 2020

Authors

Kartik Ramkrishnan (Ph.D. student), Stephen McCamant (associate professor), Pen-Chung Yew (professor), Antonia Zhai (associate professor)

Abstract

Cache hit or miss is an important source of information leakage in cache side channel attacks. An attacker observes a much faster cache access time if the cache line has previously been filled in by the victim, and a much slower memory access time if the victim has not accessed this cache line, thus revealing to the attacker whether the victim has accessed the cache line or not.

For machines with private caches, this leakage can be mitigated by scheduling the victim and potential attackers on different cores, or flushing the private caches after a use. However, the latter is less practical for the large last-level cache. In this work, we propose a novel yet simple mitigation approach for cross-core attacks, called FTM (first time miss) approach. In this approach, in order to hide a cache hit to a shared cache, we make it to behave like a miss when it is accessed the first time by a thread. It is simulated by buffering the cache line for a time similar to the memory access time (i.e. like a miss penalty), and then sending it to the private cache. The next access onwards, it is safe to allow cache hits on this cache line because the attacker has already accessed it once, and expects it to be filled anyway. Thus, all of the cache lines appear to be accessed only by the attacker, and the access patterns of the victim can be hidden.

The hardware overhead for the FTM scheme is minimal because it only needs a small per core buffer. Simulation-based evaluation on SPEC and PARSEC benchmarks shows low performance hit (< 0.1%) because of low number of first time misses in most application programs.

Link to full paper

First Time Miss: Low Overhead Mitigation for Shared Memory Cache Side Channels

Keywords

program security, debugging, testing

Share