CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer

Jongmin Lee; Junyeon Lee; Taeweon Suh; Gunjae Koo

doi:10.23919/DATE54114.2022.9774690

CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer

Jongmin Lee, Junyeon Lee, Taeweon Suh, Gunjae Koo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Transient execution attacks are critical security threats since those attacks exploit speculative execution which is an essential architectural solution that can improve the performance of out-of-order processors significantly. Such attacks change cache state by accessing secret data during speculative executions, then the attackers leak the secret information exploiting cache timing side-channels. Even though software patches against transient execution attacks have been proposed, the software solutions significantly slow down the performance of a system. In this paper, we propose CacheRewinder, an efficient hardware-based defense mechanism against transient execution attacks. CacheRewinder prevents leakage of secret information by revoking the cache updates done by speculative executions. To restore the cache state efficiently, CacheRewinder exploits the underutilized write-back buffer space as the temporary storage for victimized cache blocks evicted during speculative executions. Hence, when speculation fails CacheRewinder can quickly restore the cache state using the victim blocks held in the write-back buffer. Our evaluation exhibits CacheRewinder can effectively defend against transient execution attacks. The performance overhead by CacheRewinder is only 0.6%, which is negligible compared to the unprotected baseline processor. CacheRewinder also requires minimal storage cost since it exploits unused write-back buffer entries as storage for evicted cache blocks.

Original language	English
Title of host publication	Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022
Editors	Cristiana Bolchini, Ingrid Verbauwhede, Ioana Vatajelu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	514-519
Number of pages	6
ISBN (Electronic)	9783981926361
DOIs	https://doi.org/10.23919/DATE54114.2022.9774690
Publication status	Published - 2022
Event	2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022 - Virtual, Online, Belgium Duration: 2022 Mar 14 → 2022 Mar 23

Publication series

Name	Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

Conference

Conference	2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022
Country/Territory	Belgium
City	Virtual, Online
Period	22/3/14 → 22/3/23

Keywords

Cache Side-Channels
Secure Architecture
Speculative Execution
Transient Execution Attacks

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Hardware and Architecture
Software
Safety, Risk, Reliability and Quality
Control and Optimization

Access to Document

10.23919/DATE54114.2022.9774690

Cite this

Lee, J., Lee, J., Suh, T., & Koo, G. (2022). CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer. In C. Bolchini, I. Verbauwhede, & I. Vatajelu (Eds.), Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022 (pp. 514-519). (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/DATE54114.2022.9774690

CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer. / Lee, Jongmin; Lee, Junyeon; Suh, Taeweon et al.
Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. ed. / Cristiana Bolchini; Ingrid Verbauwhede; Ioana Vatajelu. Institute of Electrical and Electronics Engineers Inc., 2022. p. 514-519 (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, J, Lee, J, Suh, T & Koo, G 2022, CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer. in C Bolchini, I Verbauwhede & I Vatajelu (eds), Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022, Institute of Electrical and Electronics Engineers Inc., pp. 514-519, 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022, Virtual, Online, Belgium, 22/3/14. https://doi.org/10.23919/DATE54114.2022.9774690

Lee J, Lee J, Suh T , Koo G. CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer. In Bolchini C, Verbauwhede I, Vatajelu I, editors, Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 514-519. (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022). doi: 10.23919/DATE54114.2022.9774690

Lee, Jongmin ; Lee, Junyeon ; Suh, Taeweon et al. / CacheRewinder : Revoking Speculative Cache Updates Exploiting Write-Back Buffer. Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. editor / Cristiana Bolchini ; Ingrid Verbauwhede ; Ioana Vatajelu. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 514-519 (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022).

@inproceedings{cdc8dce3c929494492e73a6590144d17,

title = "CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer",

abstract = "Transient execution attacks are critical security threats since those attacks exploit speculative execution which is an essential architectural solution that can improve the performance of out-of-order processors significantly. Such attacks change cache state by accessing secret data during speculative executions, then the attackers leak the secret information exploiting cache timing side-channels. Even though software patches against transient execution attacks have been proposed, the software solutions significantly slow down the performance of a system. In this paper, we propose CacheRewinder, an efficient hardware-based defense mechanism against transient execution attacks. CacheRewinder prevents leakage of secret information by revoking the cache updates done by speculative executions. To restore the cache state efficiently, CacheRewinder exploits the underutilized write-back buffer space as the temporary storage for victimized cache blocks evicted during speculative executions. Hence, when speculation fails CacheRewinder can quickly restore the cache state using the victim blocks held in the write-back buffer. Our evaluation exhibits CacheRewinder can effectively defend against transient execution attacks. The performance overhead by CacheRewinder is only 0.6%, which is negligible compared to the unprotected baseline processor. CacheRewinder also requires minimal storage cost since it exploits unused write-back buffer entries as storage for evicted cache blocks.",

keywords = "Cache Side-Channels, Secure Architecture, Speculative Execution, Transient Execution Attacks",

author = "Jongmin Lee and Junyeon Lee and Taeweon Suh and Gunjae Koo",

note = "Funding Information: ACKNOWLEDGEMENT This work was supported by the Institute of Information and Communications Technology Planning and Evaluation grants funded by the Korea government (MSIT) (No. 2019-0-00533, Research on CPU Vulnerability Detection and Validation / No. 2019-0-01343, Regional Strategic Industry Convergence Security Core Talent Training Business / IITP-2021-2020-0-01819, ICT Creative Consilience Program). Publisher Copyright: {\textcopyright} 2022 EDAA.; 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022 ; Conference date: 14-03-2022 Through 23-03-2022",

year = "2022",

doi = "10.23919/DATE54114.2022.9774690",

language = "English",

series = "Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "514--519",

editor = "Cristiana Bolchini and Ingrid Verbauwhede and Ioana Vatajelu",

booktitle = "Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022",

}

TY - GEN

T1 - CacheRewinder

T2 - 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

AU - Lee, Jongmin

AU - Lee, Junyeon

AU - Suh, Taeweon

AU - Koo, Gunjae

N1 - Funding Information: ACKNOWLEDGEMENT This work was supported by the Institute of Information and Communications Technology Planning and Evaluation grants funded by the Korea government (MSIT) (No. 2019-0-00533, Research on CPU Vulnerability Detection and Validation / No. 2019-0-01343, Regional Strategic Industry Convergence Security Core Talent Training Business / IITP-2021-2020-0-01819, ICT Creative Consilience Program). Publisher Copyright: © 2022 EDAA.

PY - 2022

Y1 - 2022

N2 - Transient execution attacks are critical security threats since those attacks exploit speculative execution which is an essential architectural solution that can improve the performance of out-of-order processors significantly. Such attacks change cache state by accessing secret data during speculative executions, then the attackers leak the secret information exploiting cache timing side-channels. Even though software patches against transient execution attacks have been proposed, the software solutions significantly slow down the performance of a system. In this paper, we propose CacheRewinder, an efficient hardware-based defense mechanism against transient execution attacks. CacheRewinder prevents leakage of secret information by revoking the cache updates done by speculative executions. To restore the cache state efficiently, CacheRewinder exploits the underutilized write-back buffer space as the temporary storage for victimized cache blocks evicted during speculative executions. Hence, when speculation fails CacheRewinder can quickly restore the cache state using the victim blocks held in the write-back buffer. Our evaluation exhibits CacheRewinder can effectively defend against transient execution attacks. The performance overhead by CacheRewinder is only 0.6%, which is negligible compared to the unprotected baseline processor. CacheRewinder also requires minimal storage cost since it exploits unused write-back buffer entries as storage for evicted cache blocks.

AB - Transient execution attacks are critical security threats since those attacks exploit speculative execution which is an essential architectural solution that can improve the performance of out-of-order processors significantly. Such attacks change cache state by accessing secret data during speculative executions, then the attackers leak the secret information exploiting cache timing side-channels. Even though software patches against transient execution attacks have been proposed, the software solutions significantly slow down the performance of a system. In this paper, we propose CacheRewinder, an efficient hardware-based defense mechanism against transient execution attacks. CacheRewinder prevents leakage of secret information by revoking the cache updates done by speculative executions. To restore the cache state efficiently, CacheRewinder exploits the underutilized write-back buffer space as the temporary storage for victimized cache blocks evicted during speculative executions. Hence, when speculation fails CacheRewinder can quickly restore the cache state using the victim blocks held in the write-back buffer. Our evaluation exhibits CacheRewinder can effectively defend against transient execution attacks. The performance overhead by CacheRewinder is only 0.6%, which is negligible compared to the unprotected baseline processor. CacheRewinder also requires minimal storage cost since it exploits unused write-back buffer entries as storage for evicted cache blocks.

KW - Cache Side-Channels

KW - Secure Architecture

KW - Speculative Execution

KW - Transient Execution Attacks

UR - http://www.scopus.com/inward/record.url?scp=85130816903&partnerID=8YFLogxK

U2 - 10.23919/DATE54114.2022.9774690

DO - 10.23919/DATE54114.2022.9774690

M3 - Conference contribution

AN - SCOPUS:85130816903

T3 - Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

SP - 514

EP - 519

BT - Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

A2 - Bolchini, Cristiana

A2 - Verbauwhede, Ingrid

A2 - Vatajelu, Ioana

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 14 March 2022 through 23 March 2022

ER -

CacheRewinder: Revoking Speculative Cache Updates Exploiting Write-Back Buffer

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this