Austin Harris, Shijia Wei, Prateek Sahu, Pranav Kumar, Todd Austin, Mohit Tiwari, "Cyclone: Detecting Contention-Based Cache Information Leaks Through Cyclic Interference," in Proceedings of the 52nd International Symposium on Microarchitecture (MICRO).


Micro-architecture units like caches are notorious for leaking secrets across security domains. An attacker program can contend for on-chip state or bandwidth and can even use speculative execution in processors to drive this contention; and protecting against all contention-driven attacks is exceptionally challenging. Prior works can mitigate contention channels through caches by partitioning the larger, lower-level caches or by looking for anomalous performance or contention behavior. Neither scales to a large number of fine-grained domains as required by browsers and web-services that place many domains within the same address space. We observe that cache contention channels have a unique property – contention leaks information only when it is cyclic, i.e., domain A interferes with domain B, followed by interference from B to A. We propose to use this cyclic interference property to detect micro-architectural attacks as anomalous cyclic interference. Unlike partitioning, our detection approach scales to many concurrent domains in a single address space; and unlike prior anomaly detectors, cyclic interference is robust to noise from benign interference. We track cyclic interference using non-intrusive detectors in an out-of-order core and stress test our prototype, Cyclone, with fine-grained isolation in browsers (against speculation-driven attacks) and coarse-grained isolation of cores (against covert-channels embedded in database and machine learning workloads). Full-system simulations on an ARM micro-architecture show close to perfect detection rates and 260–1000× lower false positives than using (state-of-the-art) contention alone, with slowdowns of only ∼3.6%.
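The cyclic-interference property from the abstract can be illustrated with a small software model. This is an added example, not code from the paper or the Cyclone prototype: it assumes a direct-mapped cache with per-domain private addresses, and the function names, domain labels and traces are constructed for illustration.

```python
from collections import Counter

def count_interference(trace, num_sets):
    """Model a direct-mapped cache and count cross-domain evictions.

    trace: iterable of (domain, address) accesses (constructed input).
    Returns (evictions, cyclic):
      evictions[(a, b)]         times domain a evicted a line held by domain b
      cyclic[frozenset({a, b})] times a -> b was followed by b -> a on one set
    """
    owner = {}       # set index -> (domain, tag) currently cached
    last_evict = {}  # set index -> (evictor, victim) of latest cross-domain eviction
    evictions, cyclic = Counter(), Counter()
    for domain, addr in trace:
        idx, tag = addr % num_sets, addr // num_sets
        cur = owner.get(idx)
        if cur == (domain, tag):
            continue  # cache hit: no interference
        if cur is not None and cur[0] != domain:
            victim = cur[0]
            evictions[(domain, victim)] += 1
            # The cycle closes when the previous eviction on this set went
            # the other way (victim had evicted this domain).
            if last_evict.get(idx) == (victim, domain):
                cyclic[frozenset((domain, victim))] += 1
            last_evict[idx] = (domain, victim)
        owner[idx] = (domain, tag)
    return evictions, cyclic

def cyclic_trace(secret_sets, probe_sets=range(4), num_sets=16):
    """Constructed trace: domain A re-reads a few sets around each access by V."""
    trace = [("A", s) for s in probe_sets]
    for s in secret_sets:
        trace.append(("V", num_sets + s))        # V's access displaces A on set s
        trace += [("A", p) for p in probe_sets]  # A's re-read displaces V again
    return trace

def streaming_trace(num_sets=16):
    """Constructed benign trace: S streams once over W's working set."""
    return [("W", a) for a in range(num_sets)] + \
           [("S", 1000 + a) for a in range(num_sets)]

if __name__ == "__main__":
    for name, t in (("cyclic", cyclic_trace([1, 3, 1, 2])),
                    ("streaming", streaming_trace())):
        ev, cyc = count_interference(t, 16)
        print(name, "evictions:", sum(ev.values()), "cyclic:", sum(cyc.values()))
```

In these constructed traces the benign streaming workload causes more raw evictions than the cyclic one, yet produces no cyclic interference, which is the distinction the abstract draws between contention counts and cyclic interference.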



about

I am currently a graduate student working on a Ph.D. in Electrical & Computer Engineering in the SPARK Research Lab. I am supervised by Professor Mohit Tiwari.
