The cache-based covert channel is one of the common vulnerabilities exploited in the Spectre attacks.Current mitigation strategies focus on blocking the eviction-based channel by using a random/encrypted mapping funct...The cache-based covert channel is one of the common vulnerabilities exploited in the Spectre attacks.Current mitigation strategies focus on blocking the eviction-based channel by using a random/encrypted mapping function to translate memory address to the cache address,while the updated-based channel is still vulnerable.In addition,some mitigation strategies are also costly as it needs software and hardware modifications.In this paper,our objective is to devise low-cost,comprehensive-protection techniques for mitigating the Spectre attacks.We proposed a novel cache structure,named EBCache,which focuses on the RISC-V processor and applies the address encryption and blacklist to resist the Spectre attacks.The addresses encryption mechanism increases the difficulty of pruning a minimal eviction set.The blacklist mechanism makes the updated cache lines loaded by the malicious updates invisible.Our experiments demonstrated that the EBCache can prevent malicious modifications.The EBCache,however,reduces the processor’s performance by about 23%but involves only a low-cost modification in the hardware.展开更多
基金This work was supported in part by the China Ministry of Science and Technology under Grant 2015GA600002。
文摘The cache-based covert channel is one of the common vulnerabilities exploited in the Spectre attacks.Current mitigation strategies focus on blocking the eviction-based channel by using a random/encrypted mapping function to translate memory address to the cache address,while the updated-based channel is still vulnerable.In addition,some mitigation strategies are also costly as it needs software and hardware modifications.In this paper,our objective is to devise low-cost,comprehensive-protection techniques for mitigating the Spectre attacks.We proposed a novel cache structure,named EBCache,which focuses on the RISC-V processor and applies the address encryption and blacklist to resist the Spectre attacks.The addresses encryption mechanism increases the difficulty of pruning a minimal eviction set.The blacklist mechanism makes the updated cache lines loaded by the malicious updates invisible.Our experiments demonstrated that the EBCache can prevent malicious modifications.The EBCache,however,reduces the processor’s performance by about 23%but involves only a low-cost modification in the hardware.
