The sharing of the last-level cache (LLC) among multiple cores makes it vulnerable to cross-core conflict- and occupancy-based attacks. Despite extensive prior work, modern processors still employ non-secure set-associative LLCs. Existing secure LLC designs broadly fall into two categories: (i) randomized and (ii) partitioned. The state-of-the-art randomized design, Mirage, mitigates conflict-based attacks but incurs significant area overhead (20% additional storage) and design complexity. Partitioned LLCs mitigate both conflict- and occupancy-based attacks, but often suffer from large performance overheads (on average over 5% and up to 49%), require OS support in set-based schemes, or face scalability issues in way-based schemes. These factors pose major obstacles to the industrial adoption of secure LLCs. This paper asks whether strong LLC security can be achieved with minimal changes to a conventional set-associative LLC, enabling security only when needed while preserving low performance, power, and area overheads. We propose Avatar, a secure and morphable LLC that supports three modes: non-secure (Avatar-N), randomized secure (Avatar-R), and partitioned secure (Avatar-P), and can switch dynamically between them. Avatar closely resembles a conventional set-associative LLC, facilitating industrial adoption. Avatar-R introduces extra invalid entries and leverages high associativity to provide a strong security guarantee with little capacity loss, achieving only one set-associative eviction per $10^{30}$ years, while incurring 1.5% storage overhead, a 2.7% increase in static power, and a 0.2% slowdown over a 16 MB baseline. Avatar-P mitigates both conflict- and occupancy-based attacks with only a 3% performance overhead, substantially outperforming prior way-based partitioned LLCs. When security is unnecessary, Avatar switches to Avatar-N to maximize performance and energy efficiency.