Abstract: Side channel attacks are increasingly becoming an ominous threat in today's digitized world. As side channel attacks rely on exploiting security vulnerabilities in hardware instead of bugs directly within software, they are notoriously difficult to prevent. In this work, we focus on cross-core cache-based side channel attacks, where an attacker on one core steals secret information by probing a processor's cache while the program of interest is running on another core. These attacks have been gaining popularity. Attacks currently exist for major processor vendors and have implementations for many applications in the mobile, desktop, and cloud domains. Presently, all proposed solutions have the drawback of either requiring code to be modified or being unable to dynamically share the entire cache between different programs.
In this paper we propose a new secure hierarchy-aware replacement policy (SHARP), which is an efficient approach to defend against all existing cache-based side channel attacks. SHARP leverages the insight that modern last-level cache eviction policies are vulnerable to cache-based side channel attacks. This is because modern cache replacement policies only consider temporal usage information about cache lines, and are oblivious to which core an eviction-causing access comes from. In SHARP, we monitor the presence of the last-level cache ways in higher level caches and take this into account in our replacement policy algorithm. In addition, we slightly modify the permissions of the clflush instruction in userspace to disable attacks using this instruction. SHARP works for all existing applications without requiring any code modifications.
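A sketch of victim selection that takes private-cache presence and the requesting core into account, next to plain LRU, which uses temporal information only (added example, not the paper's algorithm or code). The `way` struct, the per-core presence bitmask, the three-level preference order and the LRU fallback are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define WAYS 4

/* One LLC way in a set. Field names are hypothetical, chosen for this sketch. */
struct way {
    unsigned age;      /* larger = less recently used */
    uint8_t presence;  /* bit c set => line is also in core c's private cache */
};

/* Baseline: temporal information only, blind to which core is requesting. */
int pick_lru(const struct way *set) {
    int v = 0;
    for (int i = 1; i < WAYS; i++)
        if (set[i].age > set[v].age) v = i;
    return v;
}

/* Hierarchy-aware choice. rank 0: line is in no private cache; rank 1: only
 * in the requester's own private cache; rank 2: held by some other core.
 * Lowest rank wins and age breaks ties. Falling back to the oldest line when
 * every way is rank 2 is an assumption of this sketch. */
int pick_hierarchy_aware(const struct way *set, int requester) {
    int v = -1, vrank = 3;
    for (int i = 0; i < WAYS; i++) {
        uint8_t others = set[i].presence & (uint8_t)~(1u << requester);
        int rank = others ? 2 : (set[i].presence ? 1 : 0);
        if (rank < vrank || (rank == vrank && set[i].age > set[v].age)) {
            v = i;
            vrank = rank;
        }
    }
    return v;
}

/* Constructed set: core 0 runs the program of interest, core 1 is the requester. */
static const struct way demo_set[WAYS] = {
    { 9, 0x1 },  /* oldest line, live in core 0's private cache */
    { 5, 0x2 },  /* held only by core 1 */
    { 3, 0x0 },  /* in no private cache */
    { 1, 0x3 },  /* held by cores 0 and 1 */
};

int main(void) {
    printf("LRU evicts way %d, hierarchy-aware evicts way %d\n",
           pick_lru(demo_set), pick_hierarchy_aware(demo_set, 1));
    return 0;
}
```

With core 1 as the requester, LRU picks the line that core 0 still holds privately, while the hierarchy-aware choice picks a line no private cache holds.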