The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Countermeasures for cache contention-based attacks based on randomisation remapping

Countermeasures for cache contention-based attacks based on randomisation remapping
Countermeasures for cache contention-based attacks based on randomisation remapping
Many cache designs have been proposed to guard against contention-based side-channel attacks. Specifically, the last-level cache, which is often a shared cache between different users. One type of well-known cache is the randomisation remapping cache. For example, the CEASER-S cache applies an encryption cypher with a periodically changing key as a cache indexing function. By decreasing the re-keying period, CEASER-S can defeat even a more aggressive contention-based attack. However, this can lead to performance degradation. Balancing the performance and the security against contention-based attacks becomes an essential consideration of the cache design. In this thesis, we propose a novel cache configuration, logical associativity. By applying this configuration, we propose two secure randomisation remapping cache designs against contention-based attacks. The first cache we propose is the CEASER-SH cache, which is based on the CEASER-S cache. This cache allows the cache line to be placed not only in its mapped cache set but also in the subsequent cache sets. By enlarging the possible placement positions of the cache line, contention-based attacks are mitigated. Hence, the cache does not need to decrease the re-keying period significantly which would cause significant performance degradation. From the simulation results, for example, compared with CEASER-S, CEASER-SH with a logical associativity of 2 can reduce the miss rate by about 26% and the CPI by about 0.8% while maintaining the same security level against an aggressive Prime+Probe attack. The second secure cache we propose is the Skewed Elastic-Associativity Cache (SEA cache). Unlike from CEASER-SH, this cache allows each user or each process to have different local logical associativity settings. Hence, only some users or processes that request extra protection against contention-based attacks are protected with high logical associativity. Other users can access the cache, or other pages can be accessed in the cache with lower latency and higher performance. The simulation results show that the SEA cache can outperform the CEASER-SH cache in terms of normal user’s performance and overall security against contention-based attacks with minor extra power consumption. For example, the SEA cache with logical associativity of 1 for normal protection users and 16 for high protection users achieves better protection against contention-base attacks and about 0.4% CPI degredation in the normal user’s core with just 0.01W extra power, compared to the CEASER-SH cache with logical associativity of 8.
University of Southampton
Liu, Xiao
143462e5-2f98-4ce1-a00b-9a976d4be95e
Liu, Xiao
143462e5-2f98-4ce1-a00b-9a976d4be95e
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33

Liu, Xiao (2023) Countermeasures for cache contention-based attacks based on randomisation remapping. University of Southampton, Doctoral Thesis, 125pp.

Record type: Thesis (Doctoral)

Abstract

Many cache designs have been proposed to guard against contention-based side-channel attacks. Specifically, the last-level cache, which is often a shared cache between different users. One type of well-known cache is the randomisation remapping cache. For example, the CEASER-S cache applies an encryption cypher with a periodically changing key as a cache indexing function. By decreasing the re-keying period, CEASER-S can defeat even a more aggressive contention-based attack. However, this can lead to performance degradation. Balancing the performance and the security against contention-based attacks becomes an essential consideration of the cache design. In this thesis, we propose a novel cache configuration, logical associativity. By applying this configuration, we propose two secure randomisation remapping cache designs against contention-based attacks. The first cache we propose is the CEASER-SH cache, which is based on the CEASER-S cache. This cache allows the cache line to be placed not only in its mapped cache set but also in the subsequent cache sets. By enlarging the possible placement positions of the cache line, contention-based attacks are mitigated. Hence, the cache does not need to decrease the re-keying period significantly which would cause significant performance degradation. From the simulation results, for example, compared with CEASER-S, CEASER-SH with a logical associativity of 2 can reduce the miss rate by about 26% and the CPI by about 0.8% while maintaining the same security level against an aggressive Prime+Probe attack. The second secure cache we propose is the Skewed Elastic-Associativity Cache (SEA cache). Unlike from CEASER-SH, this cache allows each user or each process to have different local logical associativity settings. Hence, only some users or processes that request extra protection against contention-based attacks are protected with high logical associativity. Other users can access the cache, or other pages can be accessed in the cache with lower latency and higher performance. The simulation results show that the SEA cache can outperform the CEASER-SH cache in terms of normal user’s performance and overall security against contention-based attacks with minor extra power consumption. For example, the SEA cache with logical associativity of 1 for normal protection users and 16 for high protection users achieves better protection against contention-base attacks and about 0.4% CPI degredation in the normal user’s core with just 0.01W extra power, compared to the CEASER-SH cache with logical associativity of 8.

Text
Xiao Liu Doctoral Thesis PDFA - Version of Record
Available under License University of Southampton Thesis Licence.
Download (2MB)
Text
Final-thesis-submission-Examination-Mr-Xiao-Liu
Restricted to Repository staff only
Available under License University of Southampton Thesis Licence.

More information

Published date: November 2023
Related URLs:
Learn more about School of Electronics and Computer Science research

Identifiers

Local EPrints ID: 484674
URI: http://eprints.soton.ac.uk/id/eprint/484674
PURE UUID: b8174784-58ad-45c5-aa4e-0016a7e0c156
ORCID for Xiao Liu: ORCID iD orcid.org/0000-0002-5928-4293
ORCID for Mark Zwolinski: ORCID iD orcid.org/0000-0002-2230-625X
ORCID for Basel Halak: ORCID iD orcid.org/0000-0003-3470-7226

Catalogue record

Date deposited: 20 Nov 2023 17:39
Last modified: 18 Mar 2024 03:53

Export record

Contributors

Author: Xiao Liu ORCID iD
Thesis advisor: Mark Zwolinski ORCID iD
Thesis advisor: Basel Halak ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×