Newcache: Secure Cache Architecture Thwarting Cache Side-Channel Attacks

Newcache is a secure cache that thwarts cache side-channel attacks, preventing the leakage of critical information. The authors present an improved design of Newcache, in terms of security, circuit design, and simplicity. They show Newcache’s security against a suite of cache side-channel attacks and design a test chip to prove its feasibility. Newcache’s system performance is as good as conventional set-associative caches.

An increasing amount of sensitive data and proprietary programs are now stored in cyberspace. With the escalating number of cyberattacks, it is crucial that we protect the confidentiality and integrity of data and programs in our networked computers. Although strong cryptography can be used to encrypt and authenticate data, this protection is rendered useless if the secret crypto keys can be leaked out. It turns out that this can be done rather easily through cache side-channel attacks, which are software attacks on hardware caches. Today, all processors with caches—from embedded systems to smartphones to cloud computers—are susceptible to these cache side-channel attacks.

Software memory isolation mechanisms, like virtual machine or process isolation, cannot prevent cache side-channel attacks because the underlying hardware caches are still shared. Also, it is important to understand that leakage of critical information through cache side-channel attacks happens with correctly functioning caches.
Unlike software security vulnerabilities that are due to software bugs, cache side-channel attacks are not due to hardware flaws. They use the caches’ intrinsic behaviors, wherein cache hits are fast and cache misses are slow.

Although researchers have proposed software solutions to cache side-channel attacks, they incur significant performance degradation—reported as 3× to 10× slowdown [1]. Also, their security is not assured, because software cannot directly control the hardware-managed caches, which can change with different implementations of the processor-cache subsystem. Furthermore, although it might be possible to change the software for well-known crypto libraries, it is not possible to change all legacy software with embedded crypto routines, nor other software using secret or sensitive data or code. It may be more feasible to provide security for legacy programs by changing the

Fangfei Liu, Hao Wu (Princeton University)
Kenneth Mai (Carnegie Mellon University)
Ruby B. Lee (Princeton University)

Published by the IEEE Computer Society. 0272-1732/16/$33.00 © 2016 IEEE