We offer the first security analysis of cache compression, a promising architectural technique that is likely to appear in future mainstream processors. We find that cache compression has novel security implications because the compressibility of a cache line reveals information about its contents. Compressed caches introduce a new side channel that is especially insidious, as simply storing data transmits information about the data. We present two techniques that make attacks on compressed caches practical. Pack+Probe allows an attacker to learn the compressibility of victim cache lines, and Safecracker leaks secret data efficiently by strategically changing the values of nearby data. Our evaluation on a proof-of-concept application shows that, on a representative compressed cache architecture, Safecracker lets an attacker compromise an 8-byte secret key in under 10 ms. Even worse, Safecracker can be combined with latent memory safety vulnerabilities to leak a large fraction of program memory.

中文翻译：

---

通过压缩缓存泄露秘密

我们提供了缓存压缩的首次安全性分析，这是一种有前途的架构技术，可能会出现在未来的主流处理器中。我们发现缓存压缩具有新的安全隐患，因为缓存行的可压缩性揭示了有关其内容的信息。压缩缓存引入了一个特别隐蔽的新边信道，因为简单地存储数据会传输有关数据的信息。我们提出了两种使压缩缓存攻击变得可行的技术。Pack+Probe 允许攻击者了解受害者缓存行的可压缩性，而 Safecracker 通过战略性地改变附近数据的值来有效地泄露秘密数据。我们对概念验证应用程序的评估表明，在具有代表性的压缩缓存架构上，Safecracker 让攻击者可以在 10 毫秒内破解一个 8 字节的密钥。更糟糕的是，Safecracker 可以结合潜在的内存安全漏洞来泄漏大部分程序内存。