MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design

09/18/2020
by   Gururaj Saileshwar, et al.
0

Shared caches in processors are vulnerable to conflict-based side-channel attacks, whereby an attacker can monitor the access pattern of a victim by evicting victim cache lines using cache-set conflicts. Recent mitigations propose a randomized mapping of addresses to cache lines, to obfuscate locations of set-conflicts. However, newer attacks are able to discover conflicting addresses despite such mitigations, because these designs select candidates for eviction only from a small set of conflicting lines. This paper presents Mirage, a practical design for a fully associative cache, wherein eviction candidates are selected randomly from among all the lines resident in the cache, to be immune to set-conflicts. A key challenge in enabling such a design for large shared caches (containing tens of thousands of resident cache lines) is managing the complexity of cache-lookup, as a naive design can require searching through all the resident lines. Mirage achieves full-associativity while retaining practical set-associative lookups by decoupling placement and replacement, using pointer-based indirection from tag-store to data-store to allow a newly installed address to globally evict data of any random resident line. To eliminate set-conflicts, Mirage provisions extra invalid tags and a skewed-associative tag-store design where lines can be installed without set-conflict, along with a load-aware skew-selection policy that guarantees the availability of sets with invalid tags. Our analysis shows Mirage provides the global eviction property of a fully-associative cache throughout system-lifetime (violations of full-associativity, i.e set-conflicts, occur less than once in 10^4 to 10^17 years), thus offering a principled defense against any eviction-set discovery and any potential conflict based attacks. Mirage incurs limited slowdown (2 storage compared to a non-secure cache.

READ FULL TEXT
research
09/26/2019

New Attacks and Defenses for Randomized Caches

The last level cache is vulnerable to timing based side channel attacks ...
research
09/02/2019

Touché: Towards Ideal and Efficient Cache Compression By Mitigating Tag Area Overheads

Compression is seen as a simple technique to increase the effective cach...
research
06/06/2019

Lookout for Zombies: Mitigating Flush+Reload Attack on Shared Caches by Monitoring Invalidated Lines

OS-based page sharing is a commonly used optimization in modern systems ...
research
08/05/2020

Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It

Cache randomization has recently been revived as a promising defense aga...
research
10/02/2018

Theory and Practice of Finding Eviction Sets

Many micro-architectural attacks rely on the capability of an attacker t...
research
03/28/2023

The Mirage of Breaking MIRAGE: Refuting the HPCA-2023 Paper "Are Randomized Caches Truly Random?"

The HPCA-2023 paper "Are Randomized Caches Truly Random?" makes the clai...
research
12/02/2020

PiPoMonitor: Mitigating Cross-core Cache Attacks Using the Auto-Cuckoo Filter

Cache side channel attacks obtain victim cache line access footprint to ...

Please sign up or login with your details

Forgot password? Click here to reset