Abstract
Modem general purpose processors suffer from cache side-channel attacks (SCA) such as Prime+Probe [1] where the attacker can infer the victim's information. Last-Level caches(LLC) are particularly vulnerable as they are shared between different cores of the processor. Encryption-based randomized caches such as CEASER [2] have been successful in mitigating conflict-based SCA by stopping the attackers from creating eviction sets but they have a few drawbacks 1) Encryption and remapping is done at all times, even when not performing security-critical tasks and 2) These mitigation techniques provide no defense against flush- based cache attacks such as Flush+Reload. Moreover, such randomized caches employing least-recently used (LRU) replacement policy incur impractical overheads to provide defense against conflict-based SCA. On the other hand, randomized caches employing random replacement policy can mitigate theses attacks with relatively low overhead but suffer from lower hit rate due to inefficient replacement policy. In this paper we show that moving the shared LLC of the processor to the programmable fabric of heterogeneous devices such as FPGA+CPU system-on-chips provides high degree of flexibility in terms of security and performance. To this end, we propose two randomized cache modes 1) Fast: Generic cache using LRU policy while providing no security against SCA and 2) Secure: Randomized cache using random replacement policy that can mitigate SCA. When the LLC is implemented on the reprogrammable fabric of the FPGA, modern FPGA+CPU SoCs ability to reconfigure the FPGA fabric during run-time allows the cache to switch between these two modes. Additionally, we propose a novel randomized cache mechanism, ARC, that can mitigate not only conflict-based attacks but also flush- based cache attacks.