CLD: An Accurate, Cost-Effective and Scalable Run-Time Cache Leakage Detector

Abstract

Cache logical side channel attacks pose a significant threat to the security of modern computer systems. This is a result of exploitation of cache information leakages arising from cache contention. Detection of such leakages can be inferred from cache behavior and processes’ access patterns during run time. To achieve this, a detection template that uses available information on cache outputs and process accesses at run-time is required. In this work, such template is proposed and implemented as a hardware monitor called Cache Leakage Detector (CLD). CLD is a high-accuracy, cost-effective and scalable run-time cache information leakage detector. CLD uses cache signals and process IDs to detect exploitable cache access patterns. It does so by identifying potential information leakage patterns. Accuracy of CLD is evaluated by using several benchmarks and injecting attacks into a 128-bit key AES algorithm. The experiments demonstrate that CLD has far higher detection accuracy (0.7964 vs 0.3195) and lower percentage of false positive detections (1.2% vs 30.6%) compared to a state-of-the-art hardware detector. Moreover, CLD introduces a very low area overhead of 0.002% to the total area of the cache. Experimental result section reports the above claims in detail.