Fast Selective Flushing to Mitigate Contention-based Cache Timing Attacks
Caches are widely used to improve performance in modern processors. By carefully evicting cache lines and identifying cache hit/miss time, contention-based cache timing channel attacks can be orchestrated to leak information from the victim process. Existing hardware countermeasures explored cache partitioning and randomization, are either costly, not applicable for the L1 data cache, or are vulnerable to sophisticated attacks. Countermeasures using cache flush exist but are slow since all cache lines have to be evacuated during a cache flush. In this paper, we propose for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FaSe). By utilizing an ISA extension (one flush instruction) and cache modification (additional state bits and control logic), FaSe selectively flushes cache lines and provides a mitigation method with a similar effect to existing methods using naive flushing methods. FaSe is implemented on RISC-V Rocket Core/Chip and evaluated on Xilinx FPGA running user programs and the Linux operating system. Our experimental results show that FaSe reduces time overhead significantly by 36 system compared to the methods with naive flushing, with less than 1 overhead. Our security test shows FaSe is capable of mitigating target cache timing attacks.
READ FULL TEXT