Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. And L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache with the idea of always achieving cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache can degrade the performance by 1.33%, 7.34%, and 7.59% For OS kernel, single-thread, and multi-thread benchmarks.
翻译:缓存被用于减少CPU和内存之间的速度差异,以提高现代处理器的性能。然而,攻击者可以使用基于争用的缓存时序攻击通过精心设计的缓存逐出集从受害进程中窃取敏感信息。 L1数据缓存攻击被广泛利用,构成了重大的隐私和机密威胁。现有的硬件防护措施主要集中在缓存分割、随机化和缓存行刷新上,这些措施都会带来高昂的开销,或者可能被复杂的攻击绕过。在本文中,我们提出了一种新的硬件-软件协同设计——BackCache,其想法是始终实现缓存命中,而不是缓存失效,以减轻 L1数据缓存的基于争用的缓存时序攻击。 BackCache将 L1数据缓存中被逐出的缓存行放入一个全关联备份缓存中以隐藏逐出。为了提高BackCache的安全性,我们引入了一种随机使用的替换策略 (RURP) 和一个动态的备份缓存调整机制。我们还提出了一种理论安全分析来证明BackCache的有效性。我们在gem5模拟器上的评估显示,对于操作系统内核、单线程和多线程基准测试,BackCache可以使性能降低1.33%、7.34%和7.59%。