Randomizing the mapping of addresses to cache entries has proven to be an effective technique for hardening caches against contention-based attacks like Prime+Probe. While attacks and defenses are still evolving, it is clear that randomized caches significantly increase the security against such attacks. However, one aspect that is missing from most analyses of randomized cache architectures is the choice of the replacement policy. Often, only the random and LRU replacement policies are investigated. However, LRU is not applicable to randomized caches due to its immense hardware overhead, while the random replacement policy is not ideal from a performance and security perspective. In this paper, we explore replacement policies for randomized caches. We develop two new replacement policies and evaluate a total of five replacement policies regarding their security against Prime+Prune+Probe attackers. Moreover, we analyze the effect of the replacement policy on the system's performance and quantify the introduced hardware overhead. We implement randomized caches with configurable replacement policies in software and hardware using a custom cache simulator, gem5, and the CV32E40P RISC-V core. Among other results, we show that the construction of eviction sets with our new policy, VARP-64, requires over 25 times more cache accesses than with the random replacement policy while also enhancing overall performance.