
IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction

Abstract : Protecting critical information against eviction-based cache side-channel attacks has always been challenging. In these attacks, the attacker reveals secrets by observing cache lines evicted by co-running applications. A precondition for such attacks is that the attacker needs a set of cache lines mapped to memory addresses belonging to the victim, called an eviction set. The attacker learns an eviction set by loading cache lines at random and then observing their evictions as a result of victim accesses. We have found that the relation between the incoming memory location and the resulting evicted cache line eases the learning of an eviction set. In this paper, we propose the Indirect Eviction Cache (IE-Cache), which is based on the principle of indirect eviction to harden the building of an eviction set. In an eviction process of IE-Cache, incoming memory triggers a series of replacements based on the cached memory addresses and a secure-indexing function, and the last replaced cache line is evicted. This increases the set size and introduces non-evicting cache lines in the eviction set. Through experimental results, we have shown that a 4-way set-associative IE-Cache having 1 MB and up to 3 replacements per eviction would require an attacker to generate $\approx 2^{59}$ memory accesses to learn an eviction set with 99% confidence. Moreover, it achieves 1–3% speedup compared to a set-associative cache with a random-replacement policy on PARSEC benchmarks.
Document type :
Conference papers

https://hal.inria.fr/hal-03440838
Contributor : Hal Ifip
Submitted on : Monday, November 22, 2021 - 3:33:22 PM
Last modification on : Wednesday, March 23, 2022 - 10:26:02 AM
Long-term archiving on : Wednesday, February 23, 2022 - 7:58:53 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Muhammad Asim Mukhtar, Muhammad Khurram Bhatti, Guy Gogniat. IE-Cache: Counteracting Eviction-Based Cache Side-Channel Attacks Through Indirect Eviction. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.32-45, ⟨10.1007/978-3-030-58201-2_3⟩. ⟨hal-03440838⟩
