Mitigating Cache-Based Side-Channel Attacks through Randomization: A Comprehensive System and Architecture Level Analysis
Han Wang1,a, Hossein Sayadi2, Tinoosh Mohsenin3, Liang Zhao4,c, Avesta Sasan4,d, Setareh Rafatirad4,e and Houman Homayoun1,b
1University of California, Davis, CA, USA
ahjlwang@ucdavis.edu
bhhomayoun@ucdavis.edu
2California State University, Long Beach, CA, USA
hossein.sayadi@csulb.edu
3University of Maryland, Baltimore County, MA, USA
tinoosh@umbc.edu
4George Mason University, Fairfax, VA, USA
clzhao9@gmu.edu
dasasan@gmu.edu
esrafatir@gmu.edu
ABSTRACT
Cache hierarchy was designed to allow CPU cores to process instructions faster by bridging the significant latency gap between the main memory and processor. In addition, various cache replacement algorithms are proposed to predict future data and instructions to boost the performance of the computer systems. However, recently proposed cache-based Side- Channel Attacks (SCAs) have shown to effectively exploiting such a hierarchical cache design. The cache-based SCAs are exploiting the hardware vulnerabilities to steal secret information from users by observing cache access patterns of cryptographic applications and thus are emerging as a serious threat to the security of the computer systems. Prior works on mitigating the cache-based SCAs have mainly focused on cache partitioning techniques and/or randomization of mapping between main memory. However, such solutions though effective, require modification in the processor hardware which increases the complexity of architecture design and are not applicable to current as well as legacy architectures. In response, this paper proposes a lightweight system and architecture level randomization technique to effectively mitigate the impact of side-channel attacks on last-level caches with no hardware redesign overhead for current as well as legacy architectures. To this aim, by carefully adapting the processor frequency and prefetchers peration and adding proper level of noise to the attackers’ cache observations we attempt to protect the critical information from being leaked. The experimental results indicate that the concurrent randomization of frequency and prefetchers can significantly prevent cachebased side-channel attacks with no need for a new cache design. In addition, the proposed randomization and adaptation methodology outperforms the stat-of-the-art solutions in terms of the performance and execution time by reducing the performance overhead from 32.66% to nearly 20%.
Keywords: SCA Mitigation, Frequency scaling, Prefetcher Adaptation, Randomization, Prime+Probe.