TimeCache aims to block side-channel cache attacks – without hurting performance
2021-06-15 13:45

Targeting the specific sub-class of side-channel attacks against cache carried out by shared software, TimeCache is claimed to offer perfect protection with a tiny performance impact, while keeping all of the lovely benefits of sharing things in the first place.

"Our defence against timing side channels through shared software retains the benefits of allowing processes to utilise the entire cache capacity of a shared cache," the pair explained in a paper presented at the ACM/IEEE 48th Annual International Symposium on Computer Architecture.

The core concept behind TimeCache is that it incorporates knowledge of prior cache line access, so that a given process's first access to cache is delayed.

"We achieve our goal," the researchers explained, "by implementing per-process cache line visibility so that the processes do not benefit from cached data brought in by another process until they have incurred a corresponding miss penalty. The solution works at all the cache levels without the need to limit the number of security domains, and defends against an attacker process running on the same core, on another hyper-thread, or on another core."

TimeCache can't be implemented purely in software, and requires hardware modifications with the addition of a per cache line, per hardware context security bit dubbed an "s-bit"; a per cache line timestamp; a shift register; and a bit-serial timestamp-parallel comparison logic block with transpose gate and bitline peripherals in order to speed the comparison of timestamps.
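
The visibility rule described above can be seen in a toy software model, added here as an illustration and not taken from the paper or the article. The latency values, the sample address and all class and function names are assumptions, and the timestamp and context-switch logic is not modelled.

```python
# Toy model of TimeCache's per-process cache line visibility (the "s-bit").
# Added illustration: latencies, names and the sample address are constructed.
HIT, MISS = 4, 200        # cycles; arbitrary values for the model
SHARED = 0x7F00_1000      # constructed address of a line in shared software


class SharedCache:
    def __init__(self, timecache):
        self.timecache = timecache
        self.lines = {}   # resident line address -> contexts with s-bit set

    def access(self, ctx, addr):
        """Return the latency that context `ctx` observes loading `addr`."""
        sbits = self.lines.get(addr)
        if sbits is None:                 # not resident: genuine miss, fill
            self.lines[addr] = {ctx}
            return MISS
        if not self.timecache or ctx in sbits:
            return HIT                    # resident and visible to ctx
        sbits.add(ctx)                    # resident, but ctx's first access:
        return MISS                       # charge the miss penalty once

    def evict(self, addr):
        self.lines.pop(addr, None)        # s-bits are lost with the line


def observer_latencies(timecache, victim_touches):
    """Latencies of the observer's first and second load of the shared line."""
    cache = SharedCache(timecache)
    if victim_touches:
        cache.access("victim", SHARED)
    return cache.access("observer", SHARED), cache.access("observer", SHARED)


def first_access_leaks(timecache):
    """True if the observer's first-load latency depends on the victim."""
    return (observer_latencies(timecache, True)[0]
            != observer_latencies(timecache, False)[0])


if __name__ == "__main__":
    for mode in (False, True):
        print("TimeCache" if mode else "baseline ", "leaks:", first_access_leaks(mode))
```

In the model the observer's second load is a hit in both modes, which is the sharing benefit the researchers say is retained: the line stays resident for everyone, and only the first access per context is charged.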

More details on TimeCache, which can be used alongside other defences, including cache randomisation, are found in this PDF copy of the paper: "TimeCache: Using Time to Eliminate Cache Side Channels when Sharing Software."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/15/timecache_aims_to_block_sidechannel/