INTERFACE: An Indirect, Partitioned, Random, Fully-Associative Cache to Avoid Shared Last-Level Cache Attacks

Shared Last-level caches are increasingly facing severe security risks from occupancy attacks and set-conflict-based side-channel attacks, e.g., Prime+Probe. Attackers use unrestricted cache occupacy, or use conflicts in limited-size cache sets, to observe access patterns of a victim process which can leak a victim's secret data. To eliminate shared LLC attacks, an ideal solution is to use a partitioned fully-associative cache design with random replacement so attackers cannot observe a victim's access patterns. Prior work proposed mechanisms that approximate such design at non-trivial power, area, performance and complexity costs. In this work, we propose a practical INdirect, parTitionEd, Random, Fully-Associative CachE (INTERFACE) design which consists of a fully-associative data store and a skewed set-associative tag store. Each set in the primary tag store is linked to two sets, one from each extra (secondary) tag store. Each entry in the fully-associative data store is indexed by a valid entry from the tag store. We use a novel architecture to manage free data blocks without modifying the data store. We isolate processes by partitioning the cache to prevent occupancy attacks. Compared to prior work, we show that INTERFACE provides strong security guarantees by eliminating occupancy and conflict-based attacks with lower area and power overheads, lower complexity, and with a similar performance overhead compared to prior work.