On The Effect of Replacement Policies on The Security of Randomized Cache Architectures
- URL: http://arxiv.org/abs/2312.06235v1
- Date: Mon, 11 Dec 2023 09:21:43 GMT
- Title: On The Effect of Replacement Policies on The Security of Randomized Cache Architectures
- Authors: Moritz Peters, Nicolas Gaudin, Jan Philipp Thoma, Vianney Lapôtre, Pascal Cotret, Guy Gogniat, Tim Güneysu,
- Abstract summary: We show that the construction of eviction sets with our new policy, VARP-64, requires over 25-times more cache accesses than with the random replacement policy.
We develop two new replacement policies and evaluate a total of five replacement policies regarding their security against Prime+Prune+Probe attackers.
- Score: 3.657370759311754
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Randomizing the mapping of addresses to cache entries has proven to be an effective technique for hardening caches against contention-based attacks like Prime+Prome. While attacks and defenses are still evolving, it is clear that randomized caches significantly increase the security against such attacks. However, one aspect that is missing from most analyses of randomized cache architectures is the choice of the replacement policy. Often, only the random- and LRU replacement policies are investigated. However, LRU is not applicable to randomized caches due to its immense hardware overhead, while the random replacement policy is not ideal from a performance and security perspective. In this paper, we explore replacement policies for randomized caches. We develop two new replacement policies and evaluate a total of five replacement policies regarding their security against Prime+Prune+Probe attackers. Moreover, we analyze the effect of the replacement policy on the system's performance and quantify the introduced hardware overhead. We implement randomized caches with configurable replacement policies in software and hardware using a custom cache simulator, gem5, and the CV32E40P RISC-V core. Among others, we show that the construction of eviction sets with our new policy, VARP-64, requires over 25-times more cache accesses than with the random replacement policy while also enhancing overall performance.
Related papers
- Proximal Ranking Policy Optimization for Practical Safety in Counterfactual Learning to Rank [64.44255178199846]
We propose a novel approach, proximal ranking policy optimization (PRPO), that provides safety in deployment without assumptions about user behavior.
PRPO removes incentives for learning ranking behavior that is too dissimilar to a safe ranking model.
Our experiments show that PRPO provides higher performance than the existing safe inverse propensity scoring approach.
arXiv Detail & Related papers (2024-09-15T22:22:27Z) - RollingCache: Using Runtime Behavior to Defend Against Cache Side Channel Attacks [2.9221371172659616]
We present RollingCache, a cache design that defends against contention attacks by dynamically changing the set of addresses contending for cache sets.
RollingCache does not rely on address encryption/decryption, data relocation, or cache partitioning.
Our solution does not depend on having defined security domains, and can defend against an attacker running on the same or another core.
arXiv Detail & Related papers (2024-08-16T15:11:12Z) - Efficient Inference of Vision Instruction-Following Models with Elastic Cache [76.44955111634545]
We introduce Elastic Cache, a novel strategy for efficient deployment of instruction-following large vision-language models.
We propose an importance-driven cache merging strategy to prune redundancy caches.
For instruction encoding, we utilize the frequency to evaluate the importance of caches.
Results on a range of LVLMs demonstrate that Elastic Cache not only boosts efficiency but also notably outperforms existing pruning methods in language generation.
arXiv Detail & Related papers (2024-07-25T15:29:05Z) - SEA Cache: A Performance-Efficient Countermeasure for Contention-based Attacks [4.144828482272047]
We extend an existing secure cache design, CEASER-SH cache, and propose the SEA cache.
The novel cache configurations in both caches are logical associativity, which allows the cache line to be placed not only in its mapped cache set but also in the subsequent cache sets.
Compared to a CEASER-SH cache with logical associativity of 8, an SEA cache with logical associativity of 1 for normal protection users and 16 for high protection users has a Cycles Per Instruction penalty that is about 0.6% less for users under normal protections and provides better security against contention-based attacks
arXiv Detail & Related papers (2024-05-30T13:12:53Z) - Systematic Evaluation of Randomized Cache Designs against Cache Occupancy [11.018866935621045]
This work fills in a crucial gap in current literature on randomized caches.
Most randomized cache designs defend only contention-based attacks, and leave out considerations of cache occupancy.
Our results establish the need to also consider cache occupancy side-channel in randomized cache design considerations.
arXiv Detail & Related papers (2023-10-08T14:06:06Z) - Random and Safe Cache Architecture to Defeat Cache Timing Attacks [5.142233612851766]
Caches have been exploited to leak secret information due to the different times they take to handle memory accesses.
We present a systematic view of the attack and defense space and show that no existing defense has addressed all cache timing attacks.
We propose Random and Safe (RaS) cache architectures to decorrelate cache state changes from memory requests.
arXiv Detail & Related papers (2023-09-28T05:08:16Z) - Random Boxes Are Open-world Object Detectors [71.86454597677387]
We show that classifiers trained with random region proposals achieve state-of-the-art Open-world Object Detection (OWOD)
We propose RandBox, a Fast R-CNN based architecture trained on random proposals at each training.
RandBox significantly outperforms the previous state-of-the-art in all metrics.
arXiv Detail & Related papers (2023-07-17T05:08:32Z) - BackCache: Mitigating Contention-Based Cache Timing Attacks by Hiding Cache Line Evictions [7.46215723037597]
L1 data cache attacks pose a significant privacy and confidentiality threat.
BackCache always achieves cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache.
BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions.
arXiv Detail & Related papers (2023-04-20T12:47:11Z) - Memory-Constrained Policy Optimization [59.63021433336966]
We introduce a new constrained optimization method for policy gradient reinforcement learning.
We form a second trust region through the construction of another virtual policy that represents a wide range of past policies.
We then enforce the new policy to stay closer to the virtual policy, which is beneficial in case the old policy performs badly.
arXiv Detail & Related papers (2022-04-20T08:50:23Z) - Multi-Objective SPIBB: Seldonian Offline Policy Improvement with Safety
Constraints in Finite MDPs [71.47895794305883]
We study the problem of Safe Policy Improvement (SPI) under constraints in the offline Reinforcement Learning setting.
We present an SPI for this RL setting that takes into account the preferences of the algorithm's user for handling the trade-offs for different reward signals.
arXiv Detail & Related papers (2021-05-31T21:04:21Z) - Reinforcement Learning for Caching with Space-Time Popularity Dynamics [61.55827760294755]
caching is envisioned to play a critical role in next-generation networks.
To intelligently prefetch and store contents, a cache node should be able to learn what and when to cache.
This chapter presents a versatile reinforcement learning based approach for near-optimal caching policy design.
arXiv Detail & Related papers (2020-05-19T01:23:51Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.