Cloud providers are increasingly exposed to malicious actors through transient attacks, such as Spectre and Meltdown. The cache hierarchy is the main target for building the side channels required to leak data. Randomized caches can be employed to provide security, but they often rely on cryptographic primitives to deter side-channel attacks. These primitives increase the access latency and degrade system performance. This paper shows that randomized caches do not have to increase the cache access latency, and that their security does not have to rely on a cryptographic hash function or block cipher. Herein, CoDi$ is proposed, a randomized last-level cache that achieves security by tying the local and global states. Security is achieved through higher miss energy consumption and occupied area, instead of penalizing performance. CoDi$ is able to evict any cached address by allowing addresses to be displaced in two levels of freedom, through hopscotch (local state) and cuckoo hashing (global state), without increasing the hit latency. Through these displacements, paths can be built to the eviction address. The security of CoDi$ relies on the hardness of controlling all possible displacement paths when a miss occurs, which requires control over the local and global states of the cache simultaneously. Confusion is generated when evicting an address, as there are many possible cache states that could result from this eviction. Also, for each executed eviction, multiple addresses in the cache are non-deterministically displaced, providing diffusion. Moreover, experimental analysis for a 48-bit secure CoDi$, using SPEC, NPB, and Polybench benchmarks, shows improvements in the number of instructions per cycle and up to 5% in misses, when compared to two state-of-the-art randomized caches.