Cache-based side channel attack is one of the most serious side channel attacks.Since caches are shared hardware resource,cache state affects and is affected by all processes,in terms of memory access time.
The contention between the attacker and the victim processes enables the attacker to infer which memory address is accessed by the victim. If the memory address depends on some secret information, the attacker can immediately deduce the secret information, which nullifies any protection provided by strong cryptography and memory protection.
Recently researchers found new approach to exploit side channel attack from browser context, which make side channel attack more risky for end user. A common technique used by the attacker to monitor the victim’s cache usage is called Prime-Probe. At the Prime stage,the attacker occupies one or more cache sets with his own data.After a short time interval,at the Probe stage, the attacker measures the time taken to reload each cache set of his data that is primed at the Prime stage. If the victim accesses the same cache set during the time interval, the attacker’s data will be evicted out of the cache and hence the attacker will get a cache miss(longer reloadtime) at the Probe stage.
In this way, the attacker can monitor the victim’s memory access with fine granularity. To defense this kinds of cache-based side channel attack, we will present how to use Intel Cache Allocation Technique to limit the process cache access and avoid potential side channel attack from untrusted process.