Mitigating Cache Side-channel Attacks via Fast Flushing Mechanism

ZHENG Shuai; XU Xiangrong; XIAO Limin; LIU Hao; XIE Xilong; YANG Rui; RUAN Li; LIAO Xiaojian; LIU Shanfeng; ZHANG Wancai; WANG Liang

doi:10.11999/JEIT250471

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2025 >

ZHENG Shuai, XU Xiangrong, XIAO Limin, LIU Hao, XIE Xilong, YANG Rui, RUAN Li, LIAO Xiaojian, LIU Shanfeng, ZHANG Wancai, WANG Liang. Mitigating Cache Side-channel Attacks via Fast Flushing Mechanism[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250471

Citation:

ZHENG Shuai, XU Xiangrong, XIAO Limin, LIU Hao, XIE Xilong, YANG Rui, RUAN Li, LIAO Xiaojian, LIU Shanfeng, ZHANG Wancai, WANG Liang. Mitigating Cache Side-channel Attacks via Fast Flushing Mechanism[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250471

Citation:

ZHENG Shuai, XU Xiangrong, XIAO Limin, LIU Hao, XIE Xilong, YANG Rui, RUAN Li, LIAO Xiaojian, LIU Shanfeng, ZHANG Wancai, WANG Liang. Mitigating Cache Side-channel Attacks via Fast Flushing Mechanism[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250471

PDF( 2313 KB)

Mitigating Cache Side-channel Attacks via Fast Flushing Mechanism

doi: 10.11999/JEIT250471 cstr: 32379.14.JEIT250471

ZHENG Shuai^{1, 2},
XU Xiangrong^{1, 2},
XIAO Limin^{1, 2},
LIU Hao^{1, 2},
XIE Xilong^{1, 2},
YANG Rui^{1, 2},
RUAN Li^{1, 2},
LIAO Xiaojian^{1, 2},
LIU Shanfeng³,
ZHANG Wancai⁴,
WANG Liang^{1, 2
,
,}

1.
State Key Laboratory of Complex & Critical Software Environment, Beihang University, Beijing 100191, China
2.
School of Computer Science and Engineering, Beihang University, Beijing 100191, China
3.
State Grid Henan Electric Power Company Electric Power Science Research Institute, Zhengzhou 450000, China
4.
NARI Technology Co., Ltd., Nanjing 211100, China

Funds: The National Key R&D Program of China (2023YFB4503100), The National Natural Science Foundation of China (62272026, 62104014), The State Key Laboratory of Complex & Critical Software Environment (CCSE-2024ZX-10), Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing (GJJ-23)

Received Date: 2025-05-27
Rev Recd Date: 2025-09-10

Available Online: 2025-09-15

Abstract

Abstract

Objective With the rising demand for secure computing, cache-based side-channel attacks have become a critical threat to modern processors. Conventional data cache designs do not account for information leakage caused by malicious memory access patterns, enabling adversaries to infer sensitive data from subtle variations in cache access latency. Existing countermeasures, such as cache mapping randomization and cache flushing, provide partial protection but incur considerable hardware overhead and performance degradation, particularly in resource-constrained private caches such as L1 and L2. To address this limitation, this study focuses on L1 data caches and proposes a fast flushing mechanism based on Time-To-Live (TTL) control. The method mitigates side-channel leakage while minimizing additional hardware complexity and performance cost. Methods This study proposes a fast cache flushing method that introduces a lightweight 3-bit TTL field into each cache line, together with a global time register (Time), to enable efficient cache invalidation. When a flush instruction is issued, the Time register is incremented, and all cache lines are checked against their TTL values. Only lines that remain valid and contain modified data are invalidated and written back, thereby reducing flushing overhead. To ensure robustness and correctness, several auxiliary strategies are incorporated, including mechanisms to handle TTL wraparound, preserve data consistency, and strengthen resistance against advanced side-channel attacks. The proposed mechanism is realized through custom instruction set extensions on a RISC-V processor platform. Results and Discussions The proposed cache flushing mechanism exhibits significant performance benefits in representative application scenarios. Experimental evaluation shows that it reduces average flushing latency by approximately 70% relative to conventional flushing techniques. In side-channel security tests based on the Prime+Probe attack model, an adversary probing 1024 cache lines after the victim executes a flush operation is unable to recover valid sensitive information patterns, thereby confirming the security effectiveness of the proposed architecture. Regarding hardware overhead, the design introduces only about 8% additional logic and approximately 0.01% extra storage cost for TTL fields compared with conventional cache structures. Conclusions This paper presents a fast cache flushing mechanism to defend against cache-based side-channel attacks. The proposed method achieves a balanced trade-off between security and performance. Experimental results show that it substantially reduces cache flushing latency while effectively mitigating typical side-channel threats. The design is particularly suited for deployment in resource-constrained private caches such as L1 and L2. Hardware implementation further confirms the lightweight nature and engineering feasibility of the approach, indicating strong potential for practical application.
- Cache side-channel attacks,
- RISC-V security,
- Cache flushing

FullText(HTML)

References(18)

References

[1]	WANG Zhenghong and LEE R B. New cache designs for thwarting software cache-based side channel attacks[C]. Proceedings of the 34th Annual International Symposium on Computer Architecture, San Diego, USA, 2007: 494–505. doi: 10.1145/1250662.1250723.
[2]	KOCHER P, HORN J, FOGH A, et al. Spectre attacks: Exploiting speculative execution[J]. Communications of the ACM, 2020, 63(7): 93–101. doi: 10.1145/3399742.
[3]	LIPP M, SCHWARZ M, GRUSS D, et al. Meltdown: Reading kernel memory from user space[J]. Communications of the ACM, 2020, 63(6): 46–56. doi: 10.1145/3357033.
[4]	CHEN Yun, PASHRASHID A, WU Yongzheng, et al. Prime+reset: Introducing a novel cross-world covert-channel through comprehensive security analysis on ARM TrustZone[C]. Proceedings of the 2024 Design, Automation & Test in Europe Conference & Exhibition (DATE 2024), Valencia, Spain, 2024: 1–6. doi: 10.23919/DATE58400.2024.10546531.
[5]	QURESHI M K. New attacks and defense for encrypted-address Cache[C]. Proceedings of the 46th International Symposium on Computer Architecture (ISCA 2019), Phoenix, USA, 2019: 360–371.
[6]	LI Tuo and PARAMESWARAN S. FaSe: Fast selective flushing to mitigate contention-based cache timing attacks[C]. Proceedings of the 59th ACM/IEEE Design Automation Conference, San Francisco, USA, 2022: 541–546. doi: 10.1145/3489517.3530491.
[7]	SONG Wei, XUE Zihan, HAN Jinchi, et al. Randomizing set-associative caches against conflict-based cache side-channel attacks[J]. IEEE Transactions on Computers, 2024, 73(4): 1019–1033. doi: 10.1109/TC.2024.3349659.
[8]	DOMNITSER L, JALEEL A, LOEW J, et al. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks[J]. ACM Transactions on Architecture and Code Optimization, 2012, 8(4): 35. doi: 10.1145/2086696.2086714.
[9]	YAN Mengjia, GOPIREDDY B, SHULL T, et al. Secure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending against cache-based side channel atacks[C]. Proceedings of the 44th Annual International Symposium on Computer Architecture, Toronto, Canada, 2017: 347–360. doi: 10.1145/3079856.3080222.
[10]	WERNER M, UNTERLUGGAUER T, GINER L, et al. SCATTERCACHE: Thwarting cache attacks via cache set randomization[C]. Proceedings of the 28th USENIX Conference on Security Symposium, Santa Clara, USA, 2019: 675–692.
[11]	QURESHI M K. CEASER: Mitigating conflict-based cache attacks via encrypted-address and remapping[C]. Proceedings of the 51st Annual IEEE/ACM International Symposium on Microarchitecture, Fukuoka, Japan, 2018: 775–787. doi: 10.1109/MICRO.2018.00068.
[12]	SONG Wei, LI Boya, XUE Zihan, et al. Randomized last-level caches are still vulnerable to cache side-channel attacks! But we can fix it[C]. Proceedings of the 2021 IEEE Symposium on Security and Privacy, San Francisco, USA, 2021: 955–969. doi: 10.1109/SP40001.2021.00050.
[13]	OLEKSENKO O, TRACH B, KRAHN R, et al. Varys: Protecting SGX enclaves from practical side-channel attacks[C]. Proceedings of the 2018 USENIX Conference on USENIX Annual Technical Conference, Boston, USA, 2018: 227–239.
[14]	BOURGEAT T, LEBEDEV I, WRIGHT A, et al. MI6: Secure enclaves in a speculative out-of-order processor[C]. Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture, Columbus, USA, 2019: 42–56. doi: 10.1145/3352460.3358310.
[15]	GE Qian, YAROM Y, CHOTHIA T, et al. Time protection: The missing OS abstraction[C]. Proceedings of the Fourteenth EuroSys Conference 2019, Dresden, Germany, 2019: 1. doi: 10.1145/3302424.3303976.
[16]	CHOWDHURYY M H I and YAO Fan. IvLeague: Side channel-resistant secure architectures using isolated domains of dynamic integrity trees[C]. 2024 57th IEEE/ACM International Symposium on Microarchitecture (MICRO), Austin, USA, 2024: 1153–1168. doi: 10.1109/MICRO61859.2024.00087.
[17]	BHATLA A, NAVNEET, and PANDA B. The Maya cache: A storage-efficient and secure fully-associative last-level cache[C]. 2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA), Buenos Aires, Argentina, 2024: 32–44. doi: 10.1109/ISCA59077.2024.00013.
[18]	Dolu1990. NaxRiscv[CP/OL]. GitHub, 2024-12-05[2025-04-15]. https://github.com/SpinalHDL/NaxRiscv.