# Selective Cache Re-Mapping to Mitigate **Cache Side Channel Attacks on RISC-V Processors**



Innía

Pavitra Prakash Bhade Indian Institute of Technology Goa India

**Olivier Sentieys** University of Rennes, INRIA France

Sharad Sinha Indian Institute of Technology Goa India

Cache Lookup

• *if Address A' present in cache then* 

■ if RemapBit(A') == 1 then

• if Address A present in cache then

o if RemapBit(A) == 0 then

**Cache Hit** 

• Encrypt A to A'

■ end if

• end if

• end if

• Cache Hit

• end if

• else

### Introduction and Contributions

- Cache side channel attacks (CSCA) have become a significant threat to shared cache security.
- Fortifying cache security by encrypting mappings to thwart eviction-based attacks (e.g., Flush+Reload, Evict+Abort).
- Encryption of mappings induces performance overhead.
- Since the entire address space is involved, predictive analysis can break the encryption.
- Instead of mapping the entire address range, we propose a selective mapping technique performing encryptions only when and where needed.
- Reduces the impact on performance overhead and the possibility of breaking encryptions by predictive analyses.
- Only a marginal addition to the microarchitecture and cache replacement policy.
- Approach: selective randomization that encrypts cache mappings of only specific sections clashing with protected memory regions.
- Very suitable for RISC-V architecture specifically.
- Hardware implementation of the proposed mitigation technique in the *Comet*<sup>1</sup> RISC-V core.



5

+4.7

-2.9

+6

+2.1

## **Proposed Algorithms**

#### **Cache Replacement**

- if Address A has to evict Address B then • *if* SecretBit(B) == 0 then
  - Replace B with A
  - if A is secret :SecretBit(A) <= 1
  - end if
  - o else
    - Encrypt Address A to A'
    - Search replacement location for A'
    - Replace at the found location
    - RemapBit(A') <= 1</p>
    - If A is secret : SecretBit(A') <=1, else SecretBit(A') <=0
  - end if



| Results                            |                                                           |       |       |       |       |      |  |                                    |                                                 |      |       |       |       |  |
|------------------------------------|-----------------------------------------------------------|-------|-------|-------|-------|------|--|------------------------------------|-------------------------------------------------|------|-------|-------|-------|--|
| Overhead in % on RSA 512 execution |                                                           |       |       |       |       |      |  | Overhead in % on AES 128 execution |                                                 |      |       |       |       |  |
| Parameters                         | Number of secrets<br>arameters (Cache = 1MB, Block = 64B) |       |       |       |       |      |  | Parameters                         | Number of secrets<br>(Cache = 1MB, Block = 64B) |      |       |       |       |  |
|                                    | 0                                                         | 1     | 2     | 3     | 4     | 5    |  |                                    | 0                                               | 1    | 2     | 3     | 4     |  |
| Remaps                             | 0                                                         | +0.8  | +1.8  | +3.98 | +4.3  | +4.7 |  | Remaps                             | 0                                               | +0.6 | +1.8  | +3.98 | +4.3  |  |
| Hits                               | 0                                                         | +1.13 | -0.88 | -0.62 | -2.7  | -2.9 |  | Hits                               | 0                                               | +0.8 | -0.88 | -0.62 | -2.7  |  |
| Misses                             | 0                                                         | -0.7  | +3.5  | +4.2  | +5.9  | +6   |  | Misses                             | 0                                               | -1   | +3.5  | +4.2  | +5.9  |  |
| Execution<br>Time                  | +0.7                                                      | +0.79 | +0.9  | +1.16 | +1.92 | +2.1 |  | Execution<br>Time                  | +0.9                                            | +1.2 | +0.9  | +1.16 | +1.92 |  |

Variation in number of Remaps, with increasing cache size

### Conclusion



- A minimal enhancement in the cache microarchitecture and replacement policy to mitigate conflict-based CSCA.
- Measure performance overhead for 0 to 5 secret processes being protected simultaneously.
- Two additional bits per 64B cache line used as metadata for mapping and replacement (area overhead ~0.3%).
- Future works: synthesizing the proposed cache structure in various RISC-V microarchitectures to gain deeper insights into security and performance evaluations; studying the evaluation of hardware-level encryptors in RISC-V cores.

<sup>1</sup>S. Rokicki, D. Pala, J. Paturel, O. Sentieys, What You Simulate Is What You Synthesize: Designing a Processor Core from C++ Specifications, IEEE/ACM ICCAD, 2019. https://gitlab.inria.fr/srokicki/Comet

**RISC V SUMMIT EUROPE 2024 (Munich, Germany)**