Seeds of SEED: A Side-Channel Resilient Cache Skewed by a Linear Function over a Galois Field
- 1 September 2021
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2021 International Symposium on Secure and Private Execution Environment Design (SEED)
Abstract
Consider a set-associative cache with p n sets and p n ways where p is prime and n > 0. Furthermore, assume that the cache may be shared among p n mutually distrusting principals that may use the Prime+Probe side-channel attack against one another; architecturally, these principals occupy separate security domains (for example, separate processes, virtual machines, sandboxes, etc.). This paper shows that there exists a linear skewing of cache sets over the Galois field G p n that exhibits the following property: each cache set of each security domain intersects every cache set of every other security domain exactly once. Therefore, a random eviction from a single cache set in security domain A may be observed via Prime+Probe in any of security domain B’s cache sets. This paper characterizes this linear skewing and describes how it can be implemented efficiently in hardware.Keywords
This publication has 14 references indexed in Scilit:
- DAWG: A Defense Against Cache Timing Attacks in Speculative Execution ProcessorsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2018
- Newcache: Secure Cache Architecture Thwarting Cache Side-Channel AttacksIEEE Micro, 2016
- ReplayConfusion: Detecting cache-based covert channel attacks using record and replayPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- CATalyst: Defeating last-level cache side channel attacks in cloud computingPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- Last-Level Cache Side-Channel Attacks are PracticalPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloringPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2011
- AES implementation on a grain of sandIEE Proceedings - Information Security, 2005
- Page placement algorithms for large real-indexed cachesACM Transactions on Computer Systems, 1992
- A note on the confinement problemCommunications of the ACM, 1973
- The working set model for program behaviorCommunications of the ACM, 1968