Cache timing channels operate stealthily through modulating the cache access latencies, and exfiltrate sensitive information to malicious adversaries. Among several forms of such timing channels, covert channels are especially dangerous since they involve two colluding processes (namely, the trojan and spy), and are often difficult to stop or prevent. In this article, we propose and demonstrate PrODACT, a low-cost mitigation mechanism using hardware prefetchers to defend against cache-based timing channels. Our detection mechanism first identifies the target cache sets that are being exploited by the adversaries, and then the counterattack mechanism fetches cache blocks to obliterate the pattern of cache accesses (misses and hits) created to construct timing channel between the trojan and the spy. We evaluate PrODACT on different classes of cache timing channel protocols that use different numbers of cache block groups for covert communication in a round-robin or parallel fashion. We observe that the cache timing channels suffer an average 50% bit error rate (with a minimum of at least 30%) which makes it very difficult or impossible for spy to decipher any useful information.

中文翻译：

---

PrODACT：预取混淆器防御缓存时序通道

缓存定时通道通过调节缓存访问延迟来秘密运行，并将敏感信息泄露给恶意对手。在这种计时通道的几种形式中，隐蔽通道尤其危险，因为它们涉及两个共谋过程（即木马和间谍），并且通常难以阻止或预防。在本文中，我们提出并演示了 PrODACT，这是一种使用硬件预取器来防御基于缓存的时序通道的低成本缓解机制。我们的检测机制首先识别攻击者正在利用的目标缓存集，然后反击机制获取缓存块以消除为构建木马和间谍之间的定时通道而创建的缓存访问模式（未命中和命中）。我们在不同类别的缓存时序通道协议上评估 PrODACT，这些协议使用不同数量的缓存块组以循环或并行方式进行隐蔽通信。我们观察到缓存定时通道的平均误码率为 50%（最低至少为 30%），这使得间谍很难或不可能破译任何有用的信息。