Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache, built on the idea of always achieving cache hits instead of cache misses, to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the cache lines evicted from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache degrades performance by 1.33%, 7.34%, and 7.59% for OS kernel, single-thread, and multi-thread benchmarks, respectively.
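The following toy model is an added illustration, not code from the paper or from gem5: it simulates one LRU set of an L1 data cache with and without a fully-associative backup cache and counts the misses an observer sees after another process touches the set. The class and function names, the uniform random victim choice standing in for RURP, and the equal hit latency for backup hits are all assumptions of this sketch.

```python
import random
from collections import OrderedDict

class BackupCache:
    """Fully associative store for lines evicted from L1 (toy model)."""
    def __init__(self, entries, rng):
        self.entries, self.rng, self.tags = entries, rng, []
    def put(self, tag):
        if len(self.tags) >= self.entries:
            # Assumption: uniform random victim, a stand-in for RURP.
            self.tags.pop(self.rng.randrange(len(self.tags)))
        self.tags.append(tag)
    def take(self, tag):
        if tag in self.tags:
            self.tags.remove(tag)
            return True
        return False

class L1Set:
    """One LRU set of the L1 data cache, optionally backed by a BackupCache."""
    def __init__(self, ways, backup=None):
        self.ways, self.backup = ways, backup
        self.lines = OrderedDict()  # tag -> None, least recently used first

    def access(self, tag):
        """Return True if the access is served at hit latency."""
        if tag in self.lines:
            self.lines.move_to_end(tag)
            return True
        # Assumption: a backup hit costs the same as an L1 hit and refills L1.
        hit = self.backup is not None and self.backup.take(tag)
        if len(self.lines) >= self.ways:
            evicted, _ = self.lines.popitem(last=False)
            if self.backup is not None:
                self.backup.put(evicted)  # the eviction is hidden, not dropped
        self.lines[tag] = None
        return hit

def probe_misses(ways, backup_entries, victim_accesses, seed=0):
    """Fill one set, let another process touch it, count misses on re-access."""
    backup = BackupCache(backup_entries, random.Random(seed)) if backup_entries else None
    l1 = L1Set(ways, backup)
    primed = [("A", i) for i in range(ways)]
    for tag in primed:
        l1.access(tag)
    for i in range(victim_accesses):
        l1.access(("V", i))
    # Re-access newest first so LRU does not cascade the evictions.
    return sum(not l1.access(tag) for tag in reversed(primed))
```

Without a backup cache the miss count equals the number of victim accesses; with a four-entry backup cache it stays at zero, and with a single entry and two victim accesses one miss becomes visible again, which is why the size of the backup cache matters in this model.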