当前位置: X-MOL 学术IEEE Trans. Comput. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Leaking Information Through Cache LRU States in Commercial Processors and Secure Caches
IEEE Transactions on Computers ( IF 3.7 ) Pub Date : 2021-02-16 , DOI: 10.1109/tc.2021.3059531
Wenjie Xiong 1 , Stefan Katzenbeisser 2 , Jakub Szefer 1
Affiliation  

The Least-Recently Used (LRU) cache replacement policy and its variants are widely deployed in modern processors. This article shows in detail that the LRU states of caches can be used to leak information: any access to a cache by a sender will modify the LRU state, and the receiver is able to observe this through a timing measurement. This article presents LRU timing-based channels both when the sender and the receiver have access to shared memory, e.g., shared library, and when they are separate processes without shared memory. In addition, the new LRU timing-based channels are demonstrated on both Intel and AMD processors in scenarios where the sender and the receiver are sharing the cache in both hyper-threaded setting and time-sliced setting. The transmission rates of the LRU channels can be up to 600 Kbps per cache set in the hyper-threaded setting. Different from the majority of existing cache channels which require the sender to trigger cache misses, the new LRU channels work with the sender only having cache hits, making the channel faster and stealthier. This article further discusses the effectiveness of the new LRU channels against a number of secure cache designs. Especially, the LRU channels are demonstrated to work against two representative secure caches, Partition-Locked (PL) cache and Random Fill (RF) cache, in the gem5 simulator, showing possible vulnerabilities in the secure cache designs in which the security of the replacement state is not protected properly.
更新日期:2021-03-16
down
wechat
bug