Guard Cache: Creating False Cache Hits and Misses To Mitigate Side-Channel Attacks

Cache side-channel attacks have exposed serious security vulnerabilities in modern architectures. These attacks rely on measuring cache access times to determine if an access to an address is a hit or a miss in the cache. Such information can be used to identify which addresses were accessed by the victim, which in turn can be used to reveal or at least guess the information accessed by the victim. Mitigating the attacks while preserving the performance has been a challenge. The hardware mitigation techniques used in the literature include complex cache indexing mechanisms, partitioning cache memories, and hiding or undoing the effects of speculation. In this paper, we present a Guard Cache to obfuscate cache timing, making it more difficult for cache timing attacks to succeed. We create false cache hits by using the Guard Cache as a Victim Cache, and false cache misses by randomly evicting cache lines. Our obfuscations can be turned-on and turned-off on demand to protect critical sections or randomly to further obfuscate cache access times. We show that our false hits cause very minimal performance penalties ranging between -0.2% to 3.0% performance loss, while false misses can cause higher performance losses. We also show that our approach causes different number of cache hits and misses and different addresses causing misses when compared to traditional caches, demonstrating that common side-channel attacks such as Prime &Probe, Flush &Reload or Evict &Time are likely to misinterpret victims' memory accesses. We use very small Guard Caches (1KiB-2KiB at L1 or 2KiB-4KiB at L2) requiring very minimal additional hardware. The hardware needed for random evictions is also minimal.