Caches are widely used to improve performance in modern processors. By carefully evicting cache lines and identifying cache hit/miss time, contention-based cache timing channel attacks can be orchestrated to leak information from the victim process. Existing hardware countermeasures explored cache partitioning and randomization, are either costly, not applicable for the L1 data cache, or are vulnerable to sophisticated attacks. Countermeasures using cache flush exist but are slow since all cache lines have to be evacuated during a cache flush. In this paper, we propose for the first time a hardware/software flush-based countermeasure, called fast selective flushing (FaSe). By utilizing an ISA extension (one flush instruction) and cache modification (additional state bits and control logic), FaSe selectively flushes cache lines and provides a mitigation method with a similar effect to existing methods using naive flushing methods. FaSe is implemented on RISC-V Rocket Core/Chip and evaluated on Xilinx FPGA running user programs and the Linux operating system. Our experimental results show that FaSe reduces time overhead significantly by 36% for user programs and 42% for the operating system compared to the methods with naive flushing, with less than 1% hardware overhead. Our security test shows FaSe is capable of mitigating target cache timing attacks.
翻译:在现代处理器中广泛使用缓冲器来改进性能。 通过仔细清除缓存线并识别缓冲断/漏出时间,可以对基于争议的缓冲时间频道袭击做出安排,以泄露受害者过程的信息。 现有的硬件反措施探索缓冲分割和随机化,或者费用昂贵,对L1数据缓存不适用,或者容易受到复杂的攻击。 使用缓冲冲冲器的对策已经存在,但缓慢,因为所有缓冲线都必须在缓冲冲冲冲中进行疏散。 在本文件中,我们首次提议采取硬件/软软件冲刷反制措施,称为快速抽取(FASe ) 。 通过使用 ISA 扩展( 一次冲洗指令) 和缓冲时间变换( 额外状态比子和控制逻辑), FaSe 选择性冲移动缓冲缓存线提供了一种与现有方法相似的缓解方法,使用天真的冲方法。 FaSee在RISC-V火箭核心/芯片上实施,并评估Xilinx操作系统。 我们的实验结果表明, FaSefase 操作系统将用户程序将时间减少36%和42%的缓冲压。