Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. And L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache with the idea of always achieving cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache can degrade the performance by 1.33%, 7.34%, and 7.59% For OS kernel, single-thread, and multi-thread benchmarks.

翻译：高速缓存用于减少CPU与内存之间的速度差异，以提升现代处理器的性能。然而，攻击者可以利用基于竞争的高速缓存定时攻击，通过精心设计的缓存驱逐集合从受害进程中窃取敏感信息。L1数据缓存攻击被广泛利用，构成严重的隐私和机密性威胁。现有的基于硬件的防御措施主要侧重于缓存分区、随机化和缓存行刷新，但这些方法要么带来高开销，要么可能被复杂攻击绕过。本文提出一种名为BackCache的新型硬件-软件协同设计方案，其核心思想是实现始终命中而非缺失，以缓解针对L1数据缓存的基于竞争的高速缓存定时攻击。BackCache将L1数据缓存中驱逐的缓存行放入一个全关联备份缓存中，以隐藏驱逐行为。为提升BackCache的安全性，我们引入了随机使用替换策略和动态备份缓存大小调整机制。我们还提出了理论安全性分析以证明BackCache的有效性。在gem5模拟器上的评估表明，对于操作系统内核、单线程和多线程基准测试，BackCache的性能下降分别为1.33%、7.34%和7.59%。