Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security

Information leakage through timing channels is an increasing threat in most computer systems. Among various hardware components, the CPU caches expose the largest attack surface for timing channels since they are usually shared among multiple processor cores. Recently, cache-based covert timing channels have been exploited by well-known attacks, such as Meltdown, for information leakage. Prior works have explored use of existing hardware performance counters linked to caches in order to detect covert channels. Unfortunately, current hardware performance counters only capture a single cache-wide statistic relating to the activities of an entire cache. As a result, such coarse-grained cache monitoring is very unlikely to capture the adversaries that typically work with limited subsets of cache blocks . To solve the resolution problem in existing cache hardware performance counters, we propose Cache-Zoomer , a framework that provides on-demand high-resolution cache monitoring. Cache-Zoomer uses a small set of configuration registers for on-demand monitoring of specific regions in the cache. At runtime, Cache-Zoomer dynamically selects the cache sub-areas with high frequency of miss patterns for improved monitoring. We demonstrate the efficiency of Cache-Zoomer on various types of cache timing channel attacks with different bandwidths. Our results show that Cache-Zoomer is able to swiftly detect all the cache timing channels studied, while incurring negligible (< 1%) area and power overheads. Our proposed Cache-Zoomer is versatile and can be adapted to other applications such as performance analysis as well.