Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks

Lukas Giner, Stefan Steinegger, Antoon Purnal, Maria Eichlseder, Thomas Unterluggauer, Stefan Mangard, Daniel Gruss

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

In this paper, we propose SassCache, a secure skewed associative cache with keyed index mapping. For this purpose, we design a new two-layered, low-latency cryptographic construction with configurable output coverage based on state-of-the-art cryptographic primitives. Based on this construction, SassCache is the first secure randomized cache with secure spacing. Victim cache lines automatically hide in locations the attacker cannot reach after less than 1 access on average. Consequently, attackers cannot evict the cache line, no matter which and how many memory accesses they perform. Our security analysis shows that all existing techniques for eviction set construction fail, and state-of-the-art attacks only apply to 1 in 3 million addresses, where SassCache is still as secure as ScatterCache. Compared to standard caches, SassCache has a single-threaded performance penalty of 1.75 % on the last-level cache hit rate in the SPEC2017 benchmark, and an average decrease of 11.7 p.p. in hit rate for MiBench, GAP and Scimark for our high-security settings.
Original languageEnglish
Title of host publication44th IEEE Symposium on Security and Privacy (S&P 2023)
Publication statusAccepted/In press - 10 Nov 2022
Event44th IEEE Symposium on Security and Privacy: S&P 2023 - San Francisco, United States
Duration: 22 May 202325 May 2023
https://www.ieee-security.org/TC/SP2023/

Course

Course44th IEEE Symposium on Security and Privacy
Abbreviated titleS&P 2023
Country/TerritoryUnited States
CitySan Francisco
Period22/05/2325/05/23
Internet address

Keywords

  • secure cache
  • cache architecture
  • side channel
  • Cryptography

Fingerprint

Dive into the research topics of 'Scatter and Split Securely: Defeating Cache Contention and Occupancy Attacks'. Together they form a unique fingerprint.

Cite this