DAMARU: A Denial-of-Service Attack on Randomized Last-Level Caches

Abstract

Cross-core conflict-based timing attacks like Prime+Probe at the shared last-level cache (LLC) are practical and can cause information leakage. Cache address randomization is one of the techniques that claim to mitigate these attacks. CEASER, CEASER-S, and ScatterCache are the three recent randomized caches that use encryption engines to randomize the memory address mapping. CEASER and CEASER-S, along with encryption engines, remap the cache blocks periodically to break the static mapping of memory blocks into the LLC blocks. Encryption engine and remapping provide security to the randomized caches. However, access to encryption engines and the remapping of cache blocks are on the critical path of LLC accesses. We target encryption engine and remapping of randomized cache to mount a denial of service (DoS) attack named DAMARU. In DAMARU, the attacker frequently sends memory requests to the LLC that causes an increase in the victim's LLC access waiting time for the encryption engine. DAMARU is the first DoS attack on randomized caches where an attacker can cause a DoS even without thrashing the LLC. DAMARU provides a performance slowdown of up to 3.19X and 6X for 8-core and 16-core simulated systems, respectively. In terms of performance slowdown, the effectiveness of our DAMARU attack decreases with an increase in the number of encryption engines.