1. Field of the Invention
The present invention relates to computer memory. More specifically, the present invention relates to a cache memory having enhanced performance and security features.
2. Related Art
Cache memory is an important component of modern computer processors. Typically, cache memory is manufactured from high-speed memory and is provided on the same chip as a microprocessor. To alleviate processor delays associated with having to obtain information from main memory (which is slower than cache memory), modern cache memories store copies of frequently-accessed information from main memory, so that such information can be quickly retrieved from the cache memory. If a desired piece of information exists in the cache memory, a “hit” is said to have occurred; otherwise, a “miss” occurs, and the processor obtains the desired information from main memory.
Ideally, cache memories should have both short access times and low miss rates to minimize average memory access delay. Unfortunately, cache memories which achieve the best access times, such as direct-mapped (DM) cache memories, suffer from high miss rates. Fully associative (FA) or set-associative (SA) cache memories achieve the best miss rates, but at the cost of increased access times and power consumption.
Power efficiency is also a critical issue in cache memory design. Lower power dissipation provides the benefits of longer battery life for mobile devices and reduced wear of the memory. Higher power consumption causes heating and reliability problems, which limit performance. Increasing faults and “hot spots” are also concerns—especially in the deep-submicron era of modern microprocessors. Due to the shrinking of technology feature sizes, process variations increase the number of faulty devices with excessive delay or leakage power. Also, current densities become higher, thereby unduly heating the chip and causing hot spots. Both of these outcomes adversely impact chip yields and device lifetimes.
Another new and important aspect for cache memory design is security. Recent software cache-based, side-channel attacks show that cache memories are highly vulnerable to leakage of critical information such as cryptographic keys. They rely only on the timing difference between cache hits and misses, and therefore are effective on all caches, impacting a wide range of platforms and users. Since security solutions often lead to very restrictive design, they typically result in severe performance degradation.
Recent attacks have shown that, in spite of software protections such as address space isolation or secure Virtual Machines, hardware caches in processors introduce interference between programs and users. For example, a given process can evict cache lines of other processes, causing them to miss cache accesses. As demonstrated by the recent cache-based side channel attacks, critical information (e.g., cryptographic keys) can easily be leaked out due to the aforementioned cache behavior. In contrast to traditional cryptanalysis, these cache-based attacks allow the recovery of the full secret cryptographic key and require much less time and computation power. Furthermore, these attacks can succeed on almost all processors with caches, since they rely only on hits and misses that occur in all caches. Such attacks are also very easy to launch: a remote computer user can become an attacker without the need for special equipment.
Both software and hardware techniques have been proposed to mitigate the information leakage problem in caches. Software techniques mostly involve rewriting the code to prevent known attacks from succeeding. One software solution is to avoid using memory access operations (e.g., replacing Advanced Encryption Standard (AES) table lookups with arithmetic and logical operations). The performance overhead, however, can be very high, and the method is not applicable to all situations. Another software countermeasure preloads objects into the cache before any use of them, so that all subsequent accesses achieve cache hits, thus leaking no information. This approach, however, is not really secure, since the preloaded objects could be evicted by other memory references at a later time. Researchers have also proposed using alternative tables, table permutation, and algorithmic masking to mitigate cache-based attacks. Such methods, however, can lead to significant performance degradation, e.g., execution approximately 2 to 4 times slower in the case of AES. In general, software countermeasures incur significant performance degradation, and are often not secure enough due to the behavior of the underlying hardware cache. Software methods alone are not sufficient to provide secure yet high-performance mitigation of cache-based information leakage.
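The first software countermeasure above, replacing a secret-indexed table lookup with arithmetic and logical operations, is illustrated by the following C program. It is an added example and is not part of the patent or its claims; the 16-entry table and its values are constructed for the illustration and do not represent any real cipher. The indexed lookup performs one load whose address depends on the secret index, which is the access pattern the cache hit/miss timing exposes; the masked lookup reads every entry and selects the wanted one with arithmetic masks, so the sequence of addresses it touches is the same for every index.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-entry table standing in for a cipher lookup table.
 * Assumption: the values are arbitrary and carry no cryptographic meaning. */
#define TABLE_LEN 16
static const uint8_t kTable[TABLE_LEN] = {
    0x3A, 0x7F, 0x11, 0xC4, 0x2E, 0x99, 0x05, 0xD8,
    0x6B, 0xF0, 0x47, 0x1C, 0xB2, 0x8D, 0x5E, 0x60
};

/* Returns 1 if x == 0 and 0 otherwise, using only arithmetic/logic:
 * (x | -x) has its top bit set exactly when x is non-zero. */
static uint64_t ct_is_zero(uint64_t x) {
    return ((x | (0u - x)) >> 63) ^ 1u;
}

/* All-ones mask when a == b, all-zeros otherwise, with no data-dependent branch. */
static uint64_t ct_mask_eq(uint64_t a, uint64_t b) {
    return 0u - ct_is_zero(a ^ b);
}

/* Indexed lookup: a single load at an address derived from idx.
 * Which cache line is touched, and whether it hits, depends on idx. */
uint8_t lookup_indexed(const uint8_t *t, size_t n, size_t idx) {
    return t[idx % n];
}

/* Masked lookup: touches every entry in the same order regardless of idx and
 * keeps only the entry whose position matches, selected through a mask. */
uint8_t lookup_masked(const uint8_t *t, size_t n, size_t idx) {
    size_t want = idx % n;
    uint8_t acc = 0;
    for (size_t j = 0; j < n; j++) {
        uint8_t m = (uint8_t)ct_mask_eq((uint64_t)j, (uint64_t)want);
        acc |= (uint8_t)(t[j] & m);
    }
    return acc;
}

/* Returns 1 if both lookups agree for every index of the constructed table. */
int lookups_agree(void) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        if (lookup_indexed(kTable, TABLE_LEN, i) != lookup_masked(kTable, TABLE_LEN, i))
            return 0;
    return 1;
}

int main(void) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        printf("idx %2zu: indexed 0x%02X masked 0x%02X\n", i,
               lookup_indexed(kTable, TABLE_LEN, i), lookup_masked(kTable, TABLE_LEN, i));
    printf("agree: %d\n", lookups_agree());
    return 0;
}
```

The cost visible here is the point the passage makes: the masked version does n loads and n mask operations per lookup instead of one load, which is why this countermeasure is expensive for large tables such as those used by AES. When applying it in practice, inspect the compiled output, since an optimizing compiler may turn the mask arithmetic back into a conditional branch or a conditional load.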
Hardware methods have also been proposed. Cache partitioning (“Partitioned” cache) and cache line locking (“PLcache”) prevent undesirable cache evictions if the objects are put into a private partition or locked in cache, respectively, thus helping to achieve constant execution time. Another approach relies on randomization, allowing interference but randomizing it so that it carries no information. The drawback of cache partitioning and cache line locking is cache under-utilization: cache lines that are locked or belong to a private partition cannot be used by other processes, even when they are unused. The randomization-based approach can avoid such cache under-utilization.
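The following C program is an added example, not part of the patent, that makes two of the points above measurable with a small cache model: the conflict misses of a direct-mapped cache versus a set-associative one (the access-time/miss-rate trade-off described earlier), and the under-utilization caused by reserving a private partition. It models a cache of a fixed number of lines with configurable associativity and LRU replacement, addresses are already expressed in units of cache lines, and a partition is modelled as simply removing the reserved lines from the cache visible to the other process. Both access traces are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LINES 64

/* One cache line: valid bit, tag, and a recency stamp for LRU. */
typedef struct {
    int valid;
    uint32_t tag;
    unsigned stamp;   /* larger means more recently used */
} line_t;

typedef struct {
    unsigned nlines;  /* total lines */
    unsigned ways;    /* 1 = direct-mapped, nlines = fully associative */
    unsigned sets;    /* nlines / ways */
    unsigned clock;
    line_t lines[MAX_LINES];
} cache_t;

void cache_init(cache_t *c, unsigned nlines, unsigned ways) {
    c->nlines = nlines;
    c->ways = ways;
    c->sets = nlines / ways;
    c->clock = 0;
    for (unsigned i = 0; i < nlines; i++) c->lines[i].valid = 0;
}

/* Access one line address. Returns 1 on a hit, 0 on a miss (with LRU fill). */
int cache_access(cache_t *c, uint32_t addr) {
    unsigned set = addr % c->sets;
    uint32_t tag = addr / c->sets;
    line_t *way = &c->lines[set * c->ways];
    c->clock++;
    for (unsigned w = 0; w < c->ways; w++) {
        if (way[w].valid && way[w].tag == tag) {
            way[w].stamp = c->clock;
            return 1;
        }
    }
    /* Miss: fill an empty way if there is one, else evict the least recently used. */
    unsigned victim = 0;
    for (unsigned w = 0; w < c->ways; w++) {
        if (!way[w].valid) { victim = w; break; }
        if (way[w].stamp < way[victim].stamp) victim = w;
    }
    way[victim].valid = 1;
    way[victim].tag = tag;
    way[victim].stamp = c->clock;
    return 0;
}

/* Number of misses a trace incurs on a cache of nlines lines and the given associativity. */
unsigned miss_count(unsigned nlines, unsigned ways, const uint32_t *trace, size_t n) {
    cache_t c;
    cache_init(&c, nlines, ways);
    unsigned misses = 0;
    for (size_t i = 0; i < n; i++) misses += !cache_access(&c, trace[i]);
    return misses;
}

/* Misses a process sees when `reserved` lines are held in another process's
 * private partition (assumption: the partition removes whole sets, so the
 * associativity is unchanged). */
unsigned partitioned_misses(unsigned nlines, unsigned ways, unsigned reserved,
                            const uint32_t *trace, size_t n) {
    return miss_count(nlines - reserved, ways, trace, n);
}

/* Constructed trace 1: four lines that collide pairwise in an 8-line direct-mapped cache. */
#define CONFLICT_LEN 16
static const uint32_t kConflictTrace[CONFLICT_LEN] = {
    0, 8, 1, 9, 0, 8, 1, 9, 0, 8, 1, 9, 0, 8, 1, 9 };

/* Constructed trace 2: a process cycling through a six-line working set. */
#define WSET_LEN 24
static const uint32_t kWorkingSetTrace[WSET_LEN] = {
    0, 1, 2, 3, 4, 5, 0, 1, 2, 3, 4, 5, 0, 1, 2, 3, 4, 5, 0, 1, 2, 3, 4, 5 };

int main(void) {
    printf("conflict trace, 8 lines: DM %u misses, 2-way %u, FA %u (of %d)\n",
           miss_count(8, 1, kConflictTrace, CONFLICT_LEN),
           miss_count(8, 2, kConflictTrace, CONFLICT_LEN),
           miss_count(8, 8, kConflictTrace, CONFLICT_LEN), CONFLICT_LEN);
    printf("working set, 8 lines 2-way: shared %u misses, 4 lines reserved %u (of %d)\n",
           miss_count(8, 2, kWorkingSetTrace, WSET_LEN),
           partitioned_misses(8, 2, 4, kWorkingSetTrace, WSET_LEN), WSET_LEN);
    return 0;
}
```

On the conflict trace the direct-mapped cache misses on every access because addresses 0 and 8 (and 1 and 9) map to the same set, while two ways per set are enough to hold all four lines after the initial fills. On the working-set trace the six lines fit an 8-line shared cache, but once 4 lines are reserved for another process, even one that never touches them, the remaining 4 lines thrash under LRU and every access misses, which is the under-utilization cost of partitioning that the randomization-based approach avoids.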
In summary, the information leakage problem in caches introduces a new challenge in cache design. In addition to performance, power efficiency, reliability, etc., cache designers have to also take security into account, which typically introduces even more restrictions in cache design and compromises other design goals.