Guard Cache: Creating Noisy Side-Channels

Microarchitectural innovations such as deep cache hierarchies, out-of-order execution, branch prediction and speculative execution have made possible the design of processors that meet ever-increasing demands for performance. However, these innovations have inadvertently introduced vulnerabilities, which are exploited by side-channel attacks and attacks relying on speculative executions. Mitigating the attacks while preserving the performance has been a challenge. In this letter we present an approach to obfuscate cache timing, making it more difficult for side-channel attacks to succeed. We create false cache hits using a small Guard Cache with randomization, and false cache misses by randomly evicting cache lines. We show that our false hits and false misses cause very minimal performance penalties and our obfuscation can make it difficult for common side-channel attacks such as Prime & Probe, Flush & Reload or Evict & Time to succeed.