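% zhou2016a -- CacheBar: software defence against last-level-cache (LLC)
% side channels (Flush-Reload / Prime-Probe) across container boundaries.
%
% Review notes:
%  - month now uses the predefined three-letter macro (oct), so styles can
%    localise or abbreviate it; the original stored the literal word October.
%  - pages now uses a double hyphen for the range (871--882).
%  - booktitle is kept exactly as exported. It looks abbreviated (presumably
%    the ACM CCS 2016 proceedings) -- confirm against the publisher record
%    before normalising.
%  - url is kept byte-for-byte, but treat it as unverified. The host is neither
%    the publisher (ACM) nor an institutional domain, the scheme is plain HTTP,
%    and the real path sits behind a "?big=" query parameter, which is the
%    shape of a rewriting mirror or proxy. Replace it with the paper's DOI or
%    the canonical publication page before it is rendered as a clickable link
%    in a PDF or web bibliography.
@inproceedings{zhou2016a,
  author    = {Zhou, Ziqiao and Reiter, Michael K. and Zhang, Yinqian},
  title     = {A Software Approach to Defeating Side Channels in Last-Level Caches},
  booktitle = {2016 Computer and Communications Security},
  pages     = {871--882},
  publisher = {ACM},
  year      = {2016},
  month     = oct,
  url       = {http://approjects.co.za/?big=en-us/research/publication/a-software-approach-to-defeating-side-channels-in-last-level-caches/},
  abstract  = {We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical memory pages shared between security domains to disable sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe" attacks in LLCs. We have implemented our approach as a memory management subsystem called CacheBar within the Linux kernel to intervene on such side channels across container boundaries, as containers are a common method for enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through formal verification, principled analysis, and empirical evaluation, we show that CacheBar achieves strong security with small performance overheads for PaaS workloads.},
}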