
A software approach to defeating side channels in last-level caches

Publication, Conference
Zhou, Z; Reiter, MK; Zhang, Y
Published in: Proceedings of the ACM Conference on Computer and Communications Security
October 24, 2016

We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical memory pages shared between security domains to disable sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe" attacks in LLCs. We have implemented our approach as a memory management subsystem called CacheBar within the Linux kernel to intervene on such side channels across container boundaries, as containers are a common method for enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through formal verification, principled analysis, and empirical evaluation, we show that CacheBar achieves strong security with small performance overheads for PaaS workloads.


Published In

Proceedings of the ACM Conference on Computer and Communications Security

DOI

ISSN

1543-7221

ISBN

9781450341394

Publication Date

October 24, 2016

Volume

24-28-October-2016

Start / End Page

871 / 882
 

Citation

APA: Zhou, Z., Reiter, M. K., & Zhang, Y. (2016). A software approach to defeating side channels in last-level caches. In Proceedings of the ACM Conference on Computer and Communications Security (Vol. 24-28-October-2016, pp. 871–882). https://doi.org/10.1145/2976749.2978324

Chicago: Zhou, Z., M. K. Reiter, and Y. Zhang. “A software approach to defeating side channels in last-level caches.” In Proceedings of the ACM Conference on Computer and Communications Security, 24-28-October-2016:871–82, 2016. https://doi.org/10.1145/2976749.2978324.

ICMJE: Zhou Z, Reiter MK, Zhang Y. A software approach to defeating side channels in last-level caches. In: Proceedings of the ACM Conference on Computer and Communications Security. 2016. p. 871–82.

MLA: Zhou, Z., et al. “A software approach to defeating side channels in last-level caches.” Proceedings of the ACM Conference on Computer and Communications Security, vol. 24-28-October-2016, 2016, pp. 871–82. Scopus, doi:10.1145/2976749.2978324.

NLM: Zhou Z, Reiter MK, Zhang Y. A software approach to defeating side channels in last-level caches. Proceedings of the ACM Conference on Computer and Communications Security. 2016. p. 871–882.
