Towards a Better Indicator for Cache Timing Channels
This addresses security vulnerabilities in computer architecture for users and systems, offering an incremental improvement over prior detection methods.
The paper tackled the problem of detecting cache timing channels, which can leak private data at high bit rates, by proposing cache occupancy as a stronger indicator than cache miss patterns, showing it resists obfuscation by advanced adversaries.
Recent studies highlighting the vulnerability of computer architecture to information leakage attacks have been a cause of significant concern. Among the various classes of microarchitectural attacks, cache timing channels are especially worrisome since they have the potential to compromise users' private data at high bit rates. Prior works have demonstrated the use of cache miss patterns to detect these attacks. We find that cache miss traces can be easily spoofed and thus they may not be able to identify smarter adversaries. In this work, we show that \emph{cache occupancy}, which records the number of cache blocks owned by a specific process, can be leveraged as a stronger indicator for the presence of cache timing channels. We observe that the modulation of cache access latency in timing channels can be recognized through analyzing pairwise cache occupancy patterns. Our experimental results show that cache occupancy patterns cannot be easily obfuscated even by advanced adversaries that successfully evade cache miss-based detection.