HARDWARE BASED TECHNIQUE TO PREVENT CRITICAL FINE-GRAINED CACHE SIDE-CHANNEL ATTACKS

摘要

A system may include a processor and a memory, the processor having at least one cache. The cache may include a plurality of sets, each set having a plurality of cache lines. Each cache line may include several bits for storing information, including at least a “shared” bit to indicate whether the cache line is shared between different processes being executed by the processor. The example cache may also include shared cache line detection and eviction logic. During normal operation, the cache logic may monitor for a context switch (i.e., determine if the processor is switching from executing instructions for a first process to executing instructions for a second process). Upon a context switch, the cache logic may evict the shared cache lines (e.g., the cache lines with a shared bit of 1). Due to the nature of cache-timing side-channel attacks, this eviction of shared cache lines may prevent attackers utilizing such attacks from gleaning meaningful information.