We propose DAWG, Dynamically Allocated Way Guard, a generic mechanism for secure way partitioning of set associative structures including memory caches. DAWG endows a set associative structure with a notion of protection domains to provide strong isolation. When applied to a cache, unlike existing quality of service mechanisms such as Intel's Cache Allocation Technology (CAT), DAWG isolates hits and metadata updates across protection domains. We describe how DAWG can be implemented on a processor with minimal modifications to modern operating systems. We argue a non-interference property that is orthogonal to speculative execution and therefore argue that existing attacks such as Spectre Variant 1 and 2 will not work on a system equipped with DAWG. Finally, we evaluate the performance impact of DAWG on the cache subsystem.
Category / Keywords: foundations / secure processor, cache timing attack, cache partitioning, side channels Date: received 7 May 2018, last revised 6 Sep 2018 Contact author: devadas at mit edu Available format(s): PDF | BibTeX Citation Version: 20190217:224315 (All versions of this report) Short URL: ia.cr/2018/418