Kai Wang, Fengkai Yuan, Rui Hou, Jingqiang Lin, Z. Ji, Dan Meng
{"title":"CacheGuard: a security-enhanced directory architecture against continuous attacks","authors":"Kai Wang, Fengkai Yuan, Rui Hou, Jingqiang Lin, Z. Ji, Dan Meng","doi":"10.1145/3310273.3323051","DOIUrl":null,"url":null,"abstract":"Modern processor cores share the last-level cache and directory to improve resource utilization. Unfortunately, such sharing makes the cache vulnerable to cross-core cache side channel attacks. Recent studies show that information leakage through cross-core cache side channel attacks is a serious threat in different computing domains ranging from cloud servers and mobile phones to embedded devices. However, previous solutions have limitations of losing performance, lacking golden standards, requiring software support, or being easily bypassed. In this paper, we observe that most cross-core cache side channel attacks cause sensitive data to appear in a ping-pong pattern in continuous attack scenarios, where attackers need to launch numerous attacks in a short period of time. This paper proposes CacheGuard to defend against the continuous attacks. CacheGuard extends the directory architecture for capturing the ping-pong patterns. Once the ping-pong pattern of a cache line is captured, Cache-Guard can secure the line with two pattern-oriented counteractions, Preload and Lock. The experimental evaluation demonstrates that CacheGuard can block the continuous attacks, and that it induces negligible performance degradation and hardware overhead.","PeriodicalId":431860,"journal":{"name":"Proceedings of the 16th ACM International Conference on Computing Frontiers","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th ACM International Conference on Computing Frontiers","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3310273.3323051","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Modern processor cores share the last-level cache and directory to improve resource utilization. Unfortunately, such sharing makes the cache vulnerable to cross-core cache side channel attacks. Recent studies show that information leakage through cross-core cache side channel attacks is a serious threat in different computing domains ranging from cloud servers and mobile phones to embedded devices. However, previous solutions have limitations of losing performance, lacking golden standards, requiring software support, or being easily bypassed. In this paper, we observe that most cross-core cache side channel attacks cause sensitive data to appear in a ping-pong pattern in continuous attack scenarios, where attackers need to launch numerous attacks in a short period of time. This paper proposes CacheGuard to defend against the continuous attacks. CacheGuard extends the directory architecture for capturing the ping-pong patterns. Once the ping-pong pattern of a cache line is captured, Cache-Guard can secure the line with two pattern-oriented counteractions, Preload and Lock. The experimental evaluation demonstrates that CacheGuard can block the continuous attacks, and that it induces negligible performance degradation and hardware overhead.