Architecting against Software Cache-Based Side-Channel Attacks

Using cache-like architectural components including data caches, instruction caches, or branch target buffers as a side channel, software cache-based side-channel attacks are able to derive secret keys used in cryptographic operations through legitimate software activities. Existing software solutions are typically application specific and incur substantial performance overhead. Recent hardware proposals against attacks on data caches, although effective in reducing performance overhead, may still be vulnerable to advanced attacks. Furthermore, efficient defenses against attacks on other cache structures, including instruction caches and branch target buffers, are missing. In this paper, we propose hardware-software integrated approaches to defend against software cache-based attacks comprehensively. For attacks on data caches, we propose to use preloading, informing loads, and informing loads with software random permutation to secure the partition-locked cache (PLcache), the random permutation (RPcache) and regular caches, respectively. These approaches present different tradeoffs between hardware complexity and performance overhead. To defend against attacks on instruction caches, we show that the PLcache with preloading and the RPcache provide good protection. To defend against attacks based on branch target buffers, we propose to adopt a new update policy to eliminate potential information leaking. Our experiments show that the proposed schemes not only provide strong security protection but also incur small performance overhead.