COTSknight: Practical Defense against Cache Timing Channel Attacks using Cache Monitoring and Partitioning Technologies

Recent studies have shown how adversaries can exploit hardware cache structures to launch information leakage-based attacks. Among these attacks, timing channels are especially worrisome since adversaries communicate simply by modulating the timing of shared resource accesses, and do not leave any physical trace of the communication. Therefore, guarding the system against such attacks is critical. Unfortunately, most existing mitigation mechanisms either require non-trivial hardware modifications and/or incur high runtime overheads. In this paper, we propose COTSknight, a new framework that guards the system against several classes of cache timing channel attacks by making novel use of Commercial Off-The-Shelf (COTS) architectural support for cache resource monitoring and prioritization. We find that the adversary's attempt to modulate cache access latency during attacks can be captured using cache occupancy patterns. COTSknight leverages efficient signal processing techniques on cache occupancy patterns to determine the potential for timing channel attacks. Once suspicious domains are identified, COTSknight disbands timing channels using dynamic cache partitioning schemes in hardware. We implement a prototype of our COTSknight framework on an Intel Xeon v4 server and evaluate its efficacy extensively using different spatial encoding schemes, as well as serial and parallel implementations of Last Level Cache (LLC) timing channels. Our results show that COTSknight can successfully thwart several classes of timing channel attacks by allocating disjoint LLC ways to malicious processes. Even in benign cache-intensive workloads, we observe a 6% cache partition trigger rate that results in a relatively small 5% worst-case performance degradation. Interestingly, for some benign applications, upon COTSknight's cache partition, we observe an improved performance by up to 9.2% through eliminating cache interference.