2025-11-20
CacheGuardian: A timing side-channel resilient LLC design
Publication
Publication
In cloud computing environments, the last-level cache (LLC) shared by multiple tenants is frequently exploited through timing side-channel attacks, enabling unauthorized data leakage. To address this issue, various defense mechanisms have been proposed. However, existing works exhibit deficiencies in terms of performance overhead, coverage of attacks, and detection accuracy. In response to these challenges, we propose CacheGuardian, a hardware-based LLC protection design which aims to provide stronger, broader, and more accurate protection against timing side-channel attacks with low performance overhead. It includes: (1) A behavior-based, generic attack detector capable of identifying multiple timing side-channel attacks in real time; (2) A cache-set-level access control mechanism that strictly restricts cache usage exclusively for the identified attackers instead of influencing all security domains.We implement our design in a gem5 simulator to evaluate both its security and performance. Our proof-of-concept attacks and SPEC 2017 benchmarks show that our design is effective against a wide range of timing side-channel attacks, reducing attack success rates by up to 256×, including camouflaged variants. Moreover, it improves the performance of benign workloads by an average of 2.26% with only 2.4% storage overhead.
| Additional Metadata | |
|---|---|
| doi.org/10.1109/ICCAD66269.2025.11241011 | |
| 2025 IEEE/ACM International Conference On Computer Aided Design (ICCAD) | |
| Organisation | Computer Security |
|
Zhou, Z., Zhu, Q., Lan, H., Zhu, H., Yan, W., An, X., … Ye, X. (2025). CacheGuardian: A timing side-channel resilient LLC design. In IEEE/ACM International Conference On Computer Aided Design. doi:10.1109/ICCAD66269.2025.11241011 |
|
