Addendum: Systematic Evaluation of Randomized Cache Designs against Cache Occupancy

• URL: http://arxiv.org/abs/2510.16871v1
• Date: Sun, 19 Oct 2025 15:13:25 GMT
• Title: Addendum: Systematic Evaluation of Randomized Cache Designs against Cache Occupancy
• Authors: Anirban Chakraborty, Nimish Mishra, Sayandeep Saha, Sarani Bhattacharya, Debdeep Mukhopadhyay,
• Abstract summary: This note is meant as an addendum to the main text published at USENIX Security 2025.<n>In this note, we argue that L1d cache size plays a role in adversarial success, and that a patched version of MIRAGE with randomized initial seeding of global eviction map prevents leakage of AES key.
• Score: 11.596892993188938
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: In the main text published at USENIX Security 2025, we presented a systematic analysis of the role of cache occupancy in the design considerations for randomized caches (from the perspectives of performance and security). On the performance front, we presented a uniform benchmarking strategy that allows for a fair comparison among different randomized cache designs. Likewise, from the security perspective, we presented three threat assumptions: (1) covert channels; (2) process fingerprinting side-channel; and (3) AES key recovery. The main takeaway of our work is an open problem of designing a randomized cache of comparable efficiency with modern set-associative LLCs, while still resisting both contention-based and occupancy-based attacks. This note is meant as an addendum to the main text in light of the observations made in [2]. To summarize, the authors in [2] argue that (1) L1d cache size plays a role in adversarial success, and that (2) a patched version of MIRAGE with randomized initial seeding of global eviction map prevents leakage of AES key. We discuss the same in this addendum.

Related papers

• From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching [7.164841206695704]
  We present the first systematic study of integrity risks arising from cache collisions.<n>We introduce CacheAttack, an automated framework for launching black-box collision attacks.<n>A case study on a financial agent illustrates the real-world impact of these vulnerabilities.
  arXiv  Detail & Related papers  (2026-01-30T15:37:00Z)
• Yet Another Mirage of Breaking MIRAGE: Debunking Occupancy-based Side-Channel Attacks on Fully Associative Randomized Caches [3.036596192442501]
  Recent work presented at USENIX Security 2025 claims that occupancy-based attacks can recover AES keys from the MIRAGE randomized cache.<n>In this paper, we examine these claims and find that they arise from a modeling flaw in the SEC'25 paper.
  arXiv  Detail & Related papers  (2025-08-14T08:04:15Z)
• Advancing Reliable Test-Time Adaptation of Vision-Language Models under Visual Variations [67.35596444651037]
  Vision-language models (VLMs) exhibit remarkable zero-shot capabilities but struggle with distribution shifts in downstream tasks when labeled data is unavailable.<n>We propose a Reliable Test-time Adaptation (ReTA) method that enhances reliability from two perspectives.
  arXiv  Detail & Related papers  (2025-07-13T05:37:33Z)
• Tit-for-Tat: Safeguarding Large Vision-Language Models Against Jailbreak Attacks via Adversarial Defense [90.71884758066042]
  Large vision-language models (LVLMs) introduce a unique vulnerability: susceptibility to malicious attacks via visual inputs.<n>We propose ESIII (Embedding Security Instructions Into Images), a novel methodology for transforming the visual space from a source of vulnerability into an active defense mechanism.
  arXiv  Detail & Related papers  (2025-03-14T17:39:45Z)
• InputSnatch: Stealing Input in LLM Services via Timing Side-Channel Attacks [9.748438507132207]
  Large language models (LLMs) possess extensive knowledge and question-answering capabilities.<n> cache-sharing methods are commonly employed to enhance efficiency by reusing cached states or responses for the same or similar inference requests.<n>We propose a novel timing-based side-channel attack to execute input theft in LLMs inference.
  arXiv  Detail & Related papers  (2024-11-27T10:14:38Z)
• RollingCache: Using Runtime Behavior to Defend Against Cache Side Channel Attacks [2.9221371172659616]
  We present RollingCache, a cache design that defends against contention attacks by dynamically changing the set of addresses contending for cache sets. RollingCache does not rely on address encryption/decryption, data relocation, or cache partitioning. Our solution does not depend on having defined security domains, and can defend against an attacker running on the same or another core.
  arXiv  Detail & Related papers  (2024-08-16T15:11:12Z)
• Efficient Inference of Vision Instruction-Following Models with Elastic Cache [76.44955111634545]
  We introduce Elastic Cache, a novel strategy for efficient deployment of instruction-following large vision-language models. We propose an importance-driven cache merging strategy to prune redundancy caches. For instruction encoding, we utilize the frequency to evaluate the importance of caches. Results on a range of LVLMs demonstrate that Elastic Cache not only boosts efficiency but also notably outperforms existing pruning methods in language generation.
  arXiv  Detail & Related papers  (2024-07-25T15:29:05Z)
• PCG: Mitigating Conflict-based Cache Side-channel Attacks with Prefetching [6.884097465523025]
  This paper proposes a novel prefetching-based scheme, called PCG. It combines adding victim-irrelevant cache occupancy changes and reducing victim-relevant cache occupancy changes to disrupt attackers. PCG shows an average performance improvement of about 1.64% and incurs only 1.26% overhead on hardware resource consumption.
  arXiv  Detail & Related papers  (2024-05-06T07:26:53Z)
• Systematic Evaluation of Randomized Cache Designs against Cache Occupancy [11.018866935621045]
  This work fills in a crucial gap in current literature on randomized caches.<n>Most randomized cache designs defend only contention-based attacks, and leave out considerations of cache occupancy.<n>Our results establish the need to also consider cache occupancy side-channel in randomized cache design considerations.
  arXiv  Detail & Related papers  (2023-10-08T14:06:06Z)
• Open-set Adversarial Defense [93.25058425356694]
  We show that open-set recognition systems are vulnerable to adversarial attacks. Motivated by this observation, we emphasize the need of an Open-Set Adrial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem.
  arXiv  Detail & Related papers  (2020-09-02T04:35:33Z)
• A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
  Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems. This paper proposes a self-supervised adversarial training mechanism in the input space. It provides significant robustness against the textbfunseen adversarial attacks.
  arXiv  Detail & Related papers  (2020-06-08T20:42:39Z)
• Hidden Cost of Randomized Smoothing [72.93630656906599]
  In this paper, we point out the side effects of current randomized smoothing. Specifically, we articulate and prove two major points: 1) the decision boundaries of smoothed classifiers will shrink, resulting in disparity in class-wise accuracy; 2) applying noise augmentation in the training process does not necessarily resolve the shrinking issue due to the inconsistent learning objectives.
  arXiv  Detail & Related papers  (2020-03-02T23:37:42Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.