Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Cyberspace Safety and Security

CSS 2018: Cyberspace Safety and Security pp 115–123Cite as

Optimal Partitioning of LLC in CAT-enabled CPUs to Prevent Side-Channel Attacks

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11161))

Abstract

Over the last years, timing channels that exploit resources shared at the microarchitectural level have attracted a lot of attention. The majority of such side-channel attacks target CPU caches. Cache-based side-channel attacks are based on monitoring cache accesses performed by a victim process through measurements of access times by a spy process that shares the cache with the victim. Among the countermeasures proposed to frustrate cache-based side-channel attacks, cache partitioning seems most effective. The recently introduced Cache Allocation Technology (CAT) enables fine control over the LLC and how cores allocate into it. In this work, we introduce the problem of optimizing cache partitioning under dynamically configurable schemes such as Intel CAT, in the perspective of thwarting access-based side-channel attacks.

Authors acknowledge the financial support provided by the Research grant of Università Parthenope, DR no. 793, november 28th, 2017.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Vol 3B, Section 17.19.2 of the Intel 64 and IA-32 Architectures Software Developer’s Manual.

References

  1. Bui, B.D., Caccamo, M., Sha, L., Martinez, J.: Impact of cache partitioning on multi-tasking real time embedded systems. In: 14th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2008, pp. 101–110. IEEE (2008)

    Google Scholar 

  2. Coppens, B., Verbauwhede, I., De Bosschere, K., De Sutter, B.: Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 45–60. IEEE (2009)

    Google Scholar 

  3. Domnitser, L., Jaleel, A., Loew, J., Abu-Ghazaleh, N., Ponomarev, D.: Non-monopolizable caches: low-complexity mitigation of cache side channel attacks. ACM Trans. Archit. Code Optim. (TACO) 8(4), 35 (2012)

    Google Scholar 

  4. Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: The 49th Annual IEEE/ACM International Symposium on Microarchitecture, p. 40. IEEE Press (2016)

    Google Scholar 

  5. Evtyushkin, D., Riley, R., Abu-Ghazaleh, N.C., Ponomarev, D., et al.: BranchScope: a new side-channel attack on directional branch predictor. In: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 693–707. ACM (2018)

    Google Scholar 

  6. Ge, Q., Yarom, Y., Cock, D., Heiser, G.: A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptogr. Eng. 8(1), 1–27 (2018)

    Article  Google Scholar 

  7. Gellert, A., Florea, A., Fiore, U., Zanetti, P., Vintan, L.: Performance and energy optimisation in cpus through fuzzy knowledge representation. Inf. Sci. (2018, in press)

    Google Scholar 

  8. Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., Costa, M.: Strong and efficient cache side-channel protection using hardware transactional memory. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 217–233. USENIX Association, Vancouver (2017)

    Google Scholar 

  9. Hennessy, J.L., Patterson, D.A.: Computer Architecture: A Quantitative Approach, 6th edn. Morgan Kaufmann, Burlington (2017)

    MATH  Google Scholar 

  10. Intel Corporation: Improving real-time performance by utilizing cache allocation technology. White paper (2015)

    Google Scholar 

  11. Irazoqui, G., Eisenbarth, T., Sunar, B.: S\$A: a shared cache attack that works across cores and defies VM sandboxing-and its application to AES. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 591–604. IEEE (2015)

    Google Scholar 

  12. Jaleel, A., Borch, E., Bhandaru, M., Steely, S.C.J., Emer, J.: Achieving non-inclusive cache performance with inclusive caches: temporal locality aware (TLA) cache management policies. In: Proceedings of the 2010 43rd Annual IEEE/ACM International Symposium on Microarchitecture, pp. 151–162. IEEE Computer Society (2010)

    Google Scholar 

  13. Kocher, P., et al.: Spectre attacks: exploiting speculative execution. arXiv preprint arXiv:1801.01203 (2018)

  14. Lipp, M., et al.: Meltdown. arXiv preprint arXiv:1801.01207 (2018)

  15. Liu, F., et al.: CATalyst: defeating last-level cache side channel attacks in cloud computing. In: 2016 IEEE International Symposium on High Performance Computer Architecture (HPCA), pp. 406–418. IEEE (2016)

    Google Scholar 

  16. Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 605–622. IEEE (2015)

    Google Scholar 

  17. Page, D.: Partitioned cache architecture as a side-channel defence mechanism. IACR Cryptology ePrint archive 2005(280) (2005)

    Google Scholar 

  18. Percival, C.: Cache missing for fun and profit. In: BSDCan2005, Ottawa, Canada (2005)

    Google Scholar 

  19. Qin, H.: When partitioning works and when it doesn’t: an empirical study on cache way partitioning. In: Zu, Q., Hu, B. (eds.) HCC 2017. LNCS, vol. 10745, pp. 595–607. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-74521-3_62

    Chapter  Google Scholar 

  20. Vintan, L.: About some security niches in present-day microprocessors (in Romanian, asupra unor brese de securitate in microprocesoarele actuale). Buletinul AGIR XXIII(2), 55–65 (2018)

    Google Scholar 

  21. Wang, Z., Lee, R.B.: New cache designs for thwarting software cache-based side channel attacks. In: ACM SIGARCH Computer Architecture News, vol. 35, no. 2, pp. 494–505. ACM (2007)

    Google Scholar 

  22. Wang, Z., Lee, R.B.: A novel cache architecture with enhanced performance and security. In: Proceedings of the 41st Annual IEEE/ACM International Symposium on Microarchitecture, pp. 83–93. IEEE Computer Society (2008)

    Google Scholar 

  23. Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 719–732. USENIX Association, San Diego (2014)

    Google Scholar 

  24. Ye, C., Ding, C., Luo, H., Brock, J., Chen, D., Jin, H.: Cache exclusivity and sharing: theory and optimization. ACM Trans. Archit. Code Optim. (TACO) 14(4), 34 (2017)

    Google Scholar 

  25. Yu, C., Petrov, P.: Off-chip memory bandwidth minimization through cache partitioning for multi-core platforms. In: 2010 47th ACM/IEEE Design Automation Conference (DAC), pp. 132–137. IEEE (2010)

    Google Scholar 

  26. Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: HomeAlone: co-residency detection in the cloud via side-channel analysis. In: 2011 IEEE symposium on security and privacy, pp. 313–328. IEEE (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Parthenope University, Napoli, Italy

    Ugo Fiore & Paolo Zanetti

  2. Lucian Blaga University, Sibiu, Romania

    Adrian Florea, Arpad Gellert & Lucian Vintan

Authors
  1. Ugo Fiore
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Adrian Florea
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Arpad Gellert
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Lucian Vintan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Paolo Zanetti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Adrian Florea .

Editor information

Editors and Affiliations

  1. University of Salerno, Fisciano, Italy

    Arcangelo Castiglione

  2. University Politehnica of Bucharest, Bucharest, Romania

    Florin Pop

  3. University of Campania “L. Vanvitelli”, Caserta, Italy

    Massimo Ficco

  4. University of Salerno, Fisciano, Italy

    Francesco Palmieri

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fiore, U., Florea, A., Gellert, A., Vintan, L., Zanetti, P. (2018). Optimal Partitioning of LLC in CAT-enabled CPUs to Prevent Side-Channel Attacks. In: Castiglione, A., Pop, F., Ficco, M., Palmieri, F. (eds) Cyberspace Safety and Security. CSS 2018. Lecture Notes in Computer Science(), vol 11161. Springer, Cham. https://doi.org/10.1007/978-3-030-01689-0_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-01689-0_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01688-3

  • Online ISBN: 978-3-030-01689-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation