{"title":"隔离高速缓存屏蔽:通过隔离高速缓存集防御高速缓存攻击","authors":"Kai Nie, Rongcai Zhao, Xiao Zhang, tongguang li","doi":"10.1117/12.3032005","DOIUrl":null,"url":null,"abstract":"Cache isolation is a highly effective method for defending against cache side-channel attacks. This approach divides the cache into different isolation domains, assigning distinct domains to mutually untrusted processes, preventing processes from sharing the cache across domains. However, existing solutions have certain limitations. Cache partitioning based on ways has a limited number of isolation domains and may not fully meet users' practical needs. Page coloring schemes require proportional allocation of memory and cache, which is inflexible. This paper introduces ICS, a flexible and secure cache isolation solution. ICS supports up to hundreds of isolation domains, with memory allocation independent of the cache. Additionally, domain management is convenient. ICS is a set isolation solution, with its core being SMT. SMT modifies the mapping relationship between memory and LLC, directing the memory of different isolation domains to distinct cache sets. Implemented with a 1MB 16-way LLC, ICS can support a maximum of 512 isolation domains, with a storage overhead of approximately 1.3% and performance loss of around 1%. It represents a cost-effective method for defending against cache side-channel attacks.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Isolate cache shield: defending cache attacks via cache set isolation\",\"authors\":\"Kai Nie, Rongcai Zhao, Xiao Zhang, tongguang li\",\"doi\":\"10.1117/12.3032005\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cache isolation is a highly effective method for defending against cache side-channel attacks. This approach divides the cache into different isolation domains, assigning distinct domains to mutually untrusted processes, preventing processes from sharing the cache across domains. However, existing solutions have certain limitations. Cache partitioning based on ways has a limited number of isolation domains and may not fully meet users' practical needs. Page coloring schemes require proportional allocation of memory and cache, which is inflexible. This paper introduces ICS, a flexible and secure cache isolation solution. ICS supports up to hundreds of isolation domains, with memory allocation independent of the cache. Additionally, domain management is convenient. ICS is a set isolation solution, with its core being SMT. SMT modifies the mapping relationship between memory and LLC, directing the memory of different isolation domains to distinct cache sets. Implemented with a 1MB 16-way LLC, ICS can support a maximum of 512 isolation domains, with a storage overhead of approximately 1.3% and performance loss of around 1%. It represents a cost-effective method for defending against cache side-channel attacks.\",\"PeriodicalId\":198425,\"journal\":{\"name\":\"Other Conferences\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Other Conferences\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1117/12.3032005\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Other Conferences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1117/12.3032005","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Isolate cache shield: defending cache attacks via cache set isolation
Cache isolation is a highly effective method for defending against cache side-channel attacks. This approach divides the cache into different isolation domains, assigning distinct domains to mutually untrusted processes, preventing processes from sharing the cache across domains. However, existing solutions have certain limitations. Cache partitioning based on ways has a limited number of isolation domains and may not fully meet users' practical needs. Page coloring schemes require proportional allocation of memory and cache, which is inflexible. This paper introduces ICS, a flexible and secure cache isolation solution. ICS supports up to hundreds of isolation domains, with memory allocation independent of the cache. Additionally, domain management is convenient. ICS is a set isolation solution, with its core being SMT. SMT modifies the mapping relationship between memory and LLC, directing the memory of different isolation domains to distinct cache sets. Implemented with a 1MB 16-way LLC, ICS can support a maximum of 512 isolation domains, with a storage overhead of approximately 1.3% and performance loss of around 1%. It represents a cost-effective method for defending against cache side-channel attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
