Design and Verification of Secure Cache Wrapper Against Access-Driven Side-Channel Attacks

Abstract

While caches are shared resources used to speedup the execution of applications, including the execution of cryptographic applications, their use can expose the system to attacks. Access-driven is one of the most popular cache attacks. They have been demonstrated in different hardware platforms, from servers to smart phones, which even were operating in virtualized environments. Designing hardware solutions to protect against access-driven attacks is still a challenge. Moreover, the security verification of such solutions still needs further exploration. This paper presents two main contributions. First, we propose a generic hardware wrapper able to protect caches against accessdriven cache attacks, based on an address translation policy to obfuscate the cache accesses. Second, we use an extended version of a previously proposed formal method to verify the security of cache against such attacks, by means of properties. Experimental results show the effectiveness of our hardware wrapper against access-driven cache attacks along with formal proof, while incurring an average area overhead below 2% and a negligible critical path overhead.