CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 13175 > Article
Paper
6 June 2024 Isolate cache shield: defending cache attacks via cache set isolation
Kai Nie, Rongcai Zhao, Xiao Zhang, Tongguang Li
Author Affiliations +
Proceedings Volume 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024); 131750A (2024) https://doi.org/10.1117/12.3032005
Event: 4th International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 2024, Sanya, China
Abstract
Cache isolation is a highly effective method for defending against cache side-channel attacks. This approach divides the cache into different isolation domains, assigning distinct domains to mutually untrusted processes, preventing processes from sharing the cache across domains. However, existing solutions have certain limitations. Cache partitioning based on ways has a limited number of isolation domains and may not fully meet users' practical needs. Page coloring schemes require proportional allocation of memory and cache, which is inflexible. This paper introduces ICS, a flexible and secure cache isolation solution. ICS supports up to hundreds of isolation domains, with memory allocation independent of the cache. Additionally, domain management is convenient. ICS is a set isolation solution, with its core being SMT. SMT modifies the mapping relationship between memory and LLC, directing the memory of different isolation domains to distinct cache sets. Implemented with a 1MB 16-way LLC, ICS can support a maximum of 512 isolation domains, with a storage overhead of approximately 1.3% and performance loss of around 1%. It represents a cost-effective method for defending against cache side-channel attacks.
(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Kai Nie, Rongcai Zhao, Xiao Zhang, and Tongguang Li "Isolate cache shield: defending cache attacks via cache set isolation", Proc. SPIE 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 131750A (6 June 2024); https://doi.org/10.1117/12.3032005
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 10 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
GET CITATION
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Design
Defense and security
Computer security
Operating systems
Information security
Logic
Clocks
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top