Please use this identifier to cite or link to this item: https://hdl.handle.net/2440/139560
Type: Conference paper
Title: CacheFX: A Framework for Evaluating Cache Security
Author: Genkin, D.
Kosasih, W.
Liu, F.
Trikalinou, A.
Unterluggauer, T.
Yarom, Y.
Citation: Proceedings of the ACM Conference on Computer and Communications Security, 2023, pp.163-176
Publisher: Association for Computing Machinery
Issue Date: 2023
ISBN: 9798400700989
ISSN: 1543-7221
Conference Name: ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS) (10 Jul 2023 - 14 Jul 2023 : Melbourne, Australia)
Statement of Responsibility: Daniel Genkin, William Kosasih, Fangfei Liu, Anna Trikalinou, Thomas Unterluggauer, Yuval Yarom
Abstract: Over the last two decades, the danger of sharing resources between programs has been repeatedly highlighted. Multiple side-channel attacks, which seek to exploit shared components for leaking information, have been devised, mostly targeting shared caching components. In response, the research community has proposed multiple cache designs that aim at curbing the source of side channels. With multiple competing designs, there is a need for assessing the level of security against side-channel attacks that each design offers. Several metrics have been suggested for performing such evaluations. However, these tend to be limited both in terms of the potential adversaries they consider and in the applicability of the metric to real-world attacks, as opposed to attack techniques. Moreover, all existing metrics implicitly assume that a single metric can encompass the nuances of side-channel security. In this work we propose CacheFX, a flexible framework for assessing and evaluating the resilience of cache designs to side-channel attacks. CacheFX allows the evaluator to implement various cache designs, victims, and attackers, as well as to exercise them for assessing the leakage of information via the cache. To demonstrate the power of CacheFX, we implement multiple cache designs and replacement algorithms, and devise three evaluation metrics that measure different aspects of the caches: (1) the entropy induced by a memory access; (2) the complexity of building an eviction set; (3) protection against cryptographic attacks. Our experiments highlight that different security metrics give different insights to designs, making a comprehensive analysis mandatory. For instance, while eviction-set building was fastest for randomized skewed caches, these caches featured lower eviction entropy and higher practical attack complexity. Our experiments show that all non-partitioned designs allow for effective cryptographic attacks. However, in state-of-the-art secure caches, eviction-based attacks are more difficult to mount than occupancy-based attacks, highlighting the need to consider the latter in cache design.
Keywords: secure caches; side-channel attacks; security metrics
Rights: © 2023 Copyright held by the owner/author(s). This work is licensed under a Creative Commons Attribution International 4.0 License.
DOI: 10.1145/3579856.3595794
Grant ID: http://purl.org/au-research/grants/arc/DE200101577
http://purl.org/au-research/grants/arc/DP210102670
Published version: https://dl.acm.org/doi/proceedings/10.1145/3579856
Appears in Collections: Computer Science publications

Files in This Item:
File: hdl_139560.pdf
Description: Published version
Size: 831.13 kB
Format: Adobe PDF