Conflict-based side-channel attacks allow attackers to monitor victims’ access patterns by asserting malicious cache conflicts. While cache randomization has emerged as a potential defense, existing solutions face critical limitations. CEASER-S and DT4+EV10 fail to fully prevent existing eviction set searching algorithms. Other approaches such as MIRAGE and Chameleon suffer from intolerable area and power overheads. To alleviate these limitations, we introduce a randomized cache with attack detection triggered on-demand remapping. A detector is designed to identify active attacks by their distinct ping-pong access patterns and trigger remaps to thwart attacks when they are detected. Our approach achieves sufficient protection against conflict-based side-channel attacks while incurs negligible runtime performance impact with moderate area and power overhead.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Detecting and Mitigating Conflict-Based Cache Side-Channel Attacks by Monitoring Ping-Pong Accesses Patterns

  • Hao Ma,
  • Zhidong Wang,
  • Da Xie,
  • Jinchi Han,
  • Wei Song

摘要

Conflict-based side-channel attacks allow attackers to monitor victims’ access patterns by asserting malicious cache conflicts. While cache randomization has emerged as a potential defense, existing solutions face critical limitations. CEASER-S and DT4+EV10 fail to fully prevent existing eviction set searching algorithms. Other approaches such as MIRAGE and Chameleon suffer from intolerable area and power overheads. To alleviate these limitations, we introduce a randomized cache with attack detection triggered on-demand remapping. A detector is designed to identify active attacks by their distinct ping-pong access patterns and trigger remaps to thwart attacks when they are detected. Our approach achieves sufficient protection against conflict-based side-channel attacks while incurs negligible runtime performance impact with moderate area and power overhead.