Abstract
Over the last few years, timing channels that exploit resources shared at the microarchitectural level have attracted a lot of attention. The majority of such side-channel attacks target CPU caches. Cache-based side-channel attacks monitor the cache accesses performed by a victim process: a spy process that shares the cache with the victim measures access times. Among the countermeasures proposed to frustrate cache-based side-channel attacks, cache partitioning seems most effective. The recently introduced Cache Allocation Technology (CAT) enables fine control over the last-level cache (LLC) and how cores allocate into it. In this work, we introduce the problem of optimizing cache partitioning under dynamically configurable schemes such as Intel CAT, with a view to thwarting access-based side-channel attacks.
The authors acknowledge the financial support provided by the Research grant of Università Parthenope, DR no. 793, November 28th, 2017.
Notes
1. Vol 3B, Section 17.19.2 of the Intel 64 and IA-32 Architectures Software Developer’s Manual.
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Fiore, U., Florea, A., Gellert, A., Vintan, L., Zanetti, P. (2018). Optimal Partitioning of LLC in CAT-enabled CPUs to Prevent Side-Channel Attacks. In: Castiglione, A., Pop, F., Ficco, M., Palmieri, F. (eds) Cyberspace Safety and Security. CSS 2018. Lecture Notes in Computer Science, vol 11161. Springer, Cham. https://doi.org/10.1007/978-3-030-01689-0_9
DOI: https://doi.org/10.1007/978-3-030-01689-0_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01688-3
Online ISBN: 978-3-030-01689-0
eBook Packages: Computer Science, Computer Science (R0)