Capturing and Obscuring Ping-Pong Patterns to Mitigate Continuous Attacks

In this paper, we observe that Continuous Attacks are a common kind of side-channel attack scenario, in which an adversary frequently probes the same target cache lines within a short time. Continuous Attacks cause target cache lines to go through multiple load-evict processes, exhibiting Ping-Pong Patterns. Identifying and obscuring Ping-Pong Patterns effectively interferes with the attacker's probes and mitigates Continuous Attacks. Based on these observations, this paper proposes the Ping-Pong Regulator, which identifies multiple Ping-Pong Patterns and blocks them with different strategies (Preload or Lock). Preload proactively loads target lines into the cache, causing the attacker to mistakenly infer that the victim has accessed these lines; Lock fixes the attacked lines' directory entries in the last-level cache directory until they are evicted from the caches, so that an attacker's observation of the locked lines is always an L2 cache miss. The experimental evaluation demonstrates that the Ping-Pong Regulator efficiently identifies and secures attacked lines, induces negligible performance impact and storage overhead, and does not require any software support.
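The following toy software model is an added illustration, not code or parameters from the paper, whose mechanism is implemented in cache hardware. It follows one target line through repeated load-evict trips, flags it once the trips form a Ping-Pong Pattern, and shows what the prober observes under Preload and under Lock; `simulate`, `WINDOW`, `THRESHOLD` and the sample `SECRET` trace are assumptions made for the example.

```python
from collections import deque

WINDOW = 1000    # cycles in which trips are counted (assumed value)
THRESHOLD = 3    # load-evict trips inside WINDOW that flag a line (assumed value)

def simulate(secret_bits, interval, strategy=None):
    """Toy model of one target line probed once per round.

    secret_bits: constructed victim behaviour, 1 = victim touches the line.
    interval:    cycles between probe rounds.
    strategy:    None (no defence), "preload" or "lock".
    Returns (what the prober observes per round, round the line was flagged).
    """
    cached, flagged_at = False, None
    trips = deque()               # timestamps of recent load-evict trips
    observed = []
    for rnd, bit in enumerate(secret_bits):
        now = rnd * interval
        if cached:                # prober evicts the line: one trip completed
            cached = False
            trips.append(now)
            while now - trips[0] > WINDOW:
                trips.popleft()   # forget trips older than the window
            if strategy and flagged_at is None and len(trips) >= THRESHOLD:
                flagged_at = rnd  # Ping-Pong Pattern captured
        if flagged_at is not None and strategy == "preload":
            cached = True         # regulator loads the line proactively
        if bit:
            cached = True         # victim access loads the line
        if flagged_at is not None and strategy == "lock":
            observed.append(0)    # locked line: prober always sees a miss
        else:
            observed.append(int(cached))
        cached = True             # the probe itself reloads the line
    return observed, flagged_at

SECRET = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample input

if __name__ == "__main__":
    for s in (None, "preload", "lock"):
        print(s, simulate(SECRET, interval=100, strategy=s))
```

Once the line is flagged, the observed sequence no longer depends on the victim's accesses: it is constant 1 under Preload and constant 0 under Lock. Widely spaced load-evict trips never reach the threshold in this model and are not treated as a Ping-Pong Pattern.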
