Skip navigation
Please use this identifier to cite or link to this item:
Title: Cache Side Channel Attacks and Secure Cache Architectures
Authors: Liu, Fangfei
Advisors: Lee, Ruby B.
Contributors: Electrical Engineering Department
Keywords: cache
commputer architecture
information leakage
side channel attacks
Subjects: Electrical engineering
Issue Date: 2016
Publisher: Princeton, NJ : Princeton University
Abstract: With the number of cyber attacks escalating, it is crucial to protect the confidentiality and integrity of data and programs in our networked computer systems. Although strong cryptography can be used to encrypt and authenticate data, it is rendered useless if the secret keys can be leaked out. It turns out that this can be done easily through cache side channel attacks. Today, all processors with caches are susceptible to cache side channel attacks --- this enables attackers to compromise all computers from smartphones to cloud computers. The goal of this dissertation is to design secure caches with built-in resistance to cache side channel attacks. The rest part of the dissertation focuses on designing secure L1 caches using a moving target defense strategy. We first systematically study the security, performance and physical characteristics of Newcache, which can randomize where a data is located in the cache. We show the feasibility of designing Newcache, with comparable performance and power consumption as conventional set-associative caches of the same size. We find that Newcache can defeat contention based attacks, but is still susceptible to some reuse based attacks. We further propose a novel random fill cache architecture to defeat the reuse based attacks. A random fill cache can randomize when data is fetched into the cache, which only requires small changes to the cache controller and is complementary to Newcache. We further study attacks and defenses on the last-level caches (LLC). In cloud computing, LLC attacks may be more pertinent to the virtual machine co-residency threats, since the LLC is shared by all the cores in a processor package, while the L1 and L2 caches are typically core-private. The dissertation demonstrates the first practical LLC attacks that can leak a private key used in a co-resident virtual machine. To defeat these LLC attacks, we propose a system solution, which leverages the Intel Cache Allocation Technology (CAT). This is a hardware feature newly introduced in Intel processors which we use for security enhancement instead. Our solution creates finer grained secure partitions, and can provide a strong security guarantee with negligible performance degradation.
Alternate format: The Mudd Manuscript Library retains one bound copy of each dissertation. Search for these copies in the library's main catalog:
Type of Material: Academic dissertations (Ph.D.)
Language: en
Appears in Collections:Electrical Engineering

Files in This Item:
File Description SizeFormat 
Liu_princeton_0181D_11920.pdf9.11 MBAdobe PDFView/Download

Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.