MIRAGE: Mitigating Cache Attacks with a Randomized Fully-Associative Cache Published in USENIX Security 2021

Gururaj Saileshwar NVIDIA Research / University of Toronto & Moinuddin Qureshi Georgia Tech



DRAM









Spy Observing Victim's Accesses Can Infer Sensitive Data (e.g. AES Keys<sup>1</sup>, Fingerprint Websites in Browsers<sup>2</sup>, ML Model Architecture<sup>3</sup>)

1 - [Bernstein'05], 2 - [Shusterman+, SEC'20], 3 - [Yan+, SEC'20], [Hong+, ICLR'20]

# **Key Requirement for Attack: Set Conflicts**



## **Prior Defense: Partitioning and Randomization**

#### **Partitioned Cache Defense**

[MICRO'18], [MICRO'19]



**Insulate Cache Usage of Different Processes** 

Limited Scalability or Practicality

# **Randomized Cache Defenses** [MICRO'18], [ISCA'19], [SEC'19], [NDSS'20], [S&P'21] V Sets **Address** B **Randomized Mapping Obfuscates Set-Conflicts Practical To Adopt**, **But Successive Defenses Broken**

**Can We Design Principled Randomization?** 

## **Arms Race Between Attacks & Defenses**



#### **Goal: Need to Eliminate Set-Associative Evictions (Set-Conflicts)**

## **Our Solution MIRAGE: A Fully-Associative Randomized LLC**

#### <u>Abstraction to SW:</u> Fully-Associative Randomized Cache



#### <u>**Challenge:**</u> Fully-Associative Lookup Requires Checking 100,000+ LLC Locations





## **Our Solution MIRAGE: A Fully-Associative Randomized LLC**

#### **Set-Associative Abstraction to SW:** Fully-Associative Cache Randomized Cache **Random Eviction** Line Line Install **From Entire Cache** Install В Sets Mirage LLC **Principled Security Practical Lookup within Set** (16-32 Locations)

**Key Challenge:** How to get Security of Fully-Associative Design with Set-Associative Lookups?

## Buckets & Balls Problem Buckets



#### <u>Set-Associative</u> <u>Randomized Cache</u>









## **Security Guarantee With Power of 2 Choices**



#### **Security Guarantee With Power of 2 Choices**



LLC with 75% extra capacity & Power of 2 Choices Indexing → Security Guarantee: 1 SAE in 10<sup>34</sup> LLC Installs (10<sup>17</sup> years)







Skew-1





Security Guarantee: With 75% extra tags (~20% extra storage), MIRAGE ensures Set-Associative Eviction (that leaks info) occurs once in 10<sup>17</sup> years

Note: MIRAGE also mitigates shared-memory attacks (like Flush+Reload) with duplication of shared-lines

# **Results – Performance**

8-Cores, 16MB 16-way Last Level Cache, evaluated using a Trace-Based Simulator (using Intel Pin)



MIRAGE incurs slowdown of 2% (Storage-Neutral Slowdown of 3.5%) comparable to Scatter-Cache that got broken

# **Performance Validation with FireSim**

- Challenge: FireSim (as of 2020) only models the tag-store and not data-store for the last-level cache Timing model stalled till data functionally accessed from host DRAM
  - Cannot model global evictions in Mirage without the data-store & RPTR to tag-store
- Still useful for performance validation: implemented randomized cache with 2 skews & increased access latency (randomized evictions & access latency like MIRAGE)

| Workload  | Base | Randomized cache with increased lookup latency |           |           |           |
|-----------|------|------------------------------------------------|-----------|-----------|-----------|
|           |      | +3 cycles                                      | +4 cycles | +5 cycles | +6 cycles |
| perlbench | 191  | 202                                            | 194       | 206       | 203       |
| mcf       | 191  | 199                                            | 194       | 200       | 201       |
| omnetpp   | 42   | 42                                             | 41        | 42        | 42        |
| x264      | 699  | 707                                            | 702       | 696       | 707       |
| deepsjeng | 85   | 84                                             | 84        | 84        | 84        |
| leela     | 44   | 44                                             | 45        | 45        | 45        |
| exchange2 | 109  | 110                                            | 108       | 108       | 109       |
| XZ        | 119  | 114                                            | 114       | 115       | 115       |
| MEAN      | 100% | 100.6%                                         | 99.5%     | 100.9%    | 101.0%    |

4 x Rocket-Cores, 4MB /16-way L3 Cache)

Randomized Cache with 3 - 6 cycles extra access latency  $\rightarrow$  limited slowdown of <1%

#### Claim: MIRAGE has set-conflicts within 100K cache accesses & is broken.

A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, "Are Randomized Caches Truly Random? Formal Analysis of Randomized-Partitioned Caches". Published In HPCA'23.



# ▶ python3 main.py 262144 16384 229376 valid eviction ASSERT FAILURE: assert(Valid Tags <= Cache Capacity). Valid Tags : 295339, Cache Capacity : 262144 valid eviction ASSERT FAILURE: assert(Valid Tags <= Cache Capacity). Valid Tags : 301414, Cache Capacity : 262144 valid eviction</pre>

#### Claim: MIRAGE has set-conflicts within 100K cache accesses & is broken.

A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, "Are Randomized Caches Truly Random?" Formal Analysis of Randomized-Partitioned Caches". Published In HPCA'23.



#### Claim: MIRAGE has set-conflicts within 100K cache accesses & is broken.

A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, "Are Randomized Caches Truly Random? Formal Analysis of Randomized-Partitioned Caches". Published In HPCA'23.



#### Claim: MIRAGE has set-conflicts within 100K cache accesses & is broken.

A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, "Are Randomized Caches Truly Random? Formal Analysis of Randomized-Partitioned Caches". Published In HPCA'23.



5000

10000

Indices (sorted)

15000

#### Claim: MIRAGE has set-conflicts within 100K cache accesses & is broken.

A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, "Are Randomized Caches Truly Random? Formal Analysis of Randomized-Partitioned Caches". Published In HPCA'23.



#### Claim: MIRAGE has set-conflicts within 100K cache accesses & is broken.

A. Chakraborty, S. Bhattacharya, S. Saha, and D. Mukhopadhyay, "Are Randomized Caches Truly Random? Formal Analysis of Randomized-Partitioned Caches". Published In HPCA'23.



#### After Fixing Bugs in Authors' Simulator, No Set-Conflicts observed in MIRAGE (as expected)

More details: <u>https://github.com/gururaj-s/refuting\_HPCA23\_randCache</u>

# **Takeways from MIRAGE**



Principled Randomized Cache → Future-Proof Security

MIRAGE enables fully-associative evictions (leaking no address information) practically

#### Impact: MIRAGE Promises an End to the Arms Race

Between 2018 - 2020, 5 defenses were broken by 6 attacks. MIRAGE has been unbroken since 2020