Chunked-Cache: On-Demand and Scalable Cache Isolation for Security Architectures

10/15/2021
by Ghada Dessouky, et al.

Shared cache resources in multi-core processors are vulnerable to cache side-channel attacks. Recently proposed defenses have their own caveats: Randomization-based defenses rely on weak cryptographic primitives and remain vulnerable to evolving attack algorithms, because they do not fundamentally address the root cause of cache side-channel attacks. Cache partitioning defenses, on the other hand, provide strict resource partitioning and effectively block all side-channel threats. However, they usually rely on way-based partitioning, which is not fine-grained and cannot scale to support a larger number of protection domains, e.g., in trusted execution environment (TEE) security architectures; it also degrades performance and often results in cache underutilization. To overcome the shortcomings of both approaches, we present a novel and flexible set-associative cache partitioning design for TEE architectures, called Chunked-Cache. Chunked-Cache enables an execution context to "carve" out an exclusive configurable chunk of the cache if the execution requires side-channel resilience. If side-channel resilience is not required, mainstream cache resources are freely utilized. Hence, our solution addresses the security-performance trade-off practically by enabling selective and on-demand utilization of side-channel-resilient caches, while providing well-grounded future-proof security guarantees. We show that Chunked-Cache provides side-channel-resilient cache utilization for sensitive code execution, with small hardware overhead, while incurring no performance overhead on the OS. We also show that it outperforms conventional way-based cache partitioning by 43 while scaling significantly better to support a larger number of protection domains.


