Xingjian Zhang,Ziqi Yuan,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/seed51797.2021.00014

2021-01-01

Abstract:Cache side-channel attacks can leak critical information from the target programs. The cache randomization methodology has proven to be an efficient way to mitigate such attacks. However, existing works do not take the cache hierarchy into consideration, failing to address the issue that different levels of caches have different performance and security requirements. In this work, we propose and implement a hybrid randomization scheme, named H(2)Cache, to mitigate cache side-channel attacks. H(2)Cache leverages two randomization approaches and applies them to different levels of caches. It strengthens the security of cache modules, while satisfying the performance and resource utilization requirements. Specifically, we design a table-based randomization method for the L1 cache, which uses a hashed virtual index to look up the actual cache set index. The L2 cache in H(2)Cache takes a computation-based randomization function to calculate the cache set index. We have implemented a prototype of H(2)Cache and extensively evaluated it using a self-designed RISC-V processor on the FPGA platform. We demonstrate the security of H(2)Cache through simulated attack programs and quantitative analysis. Meanwhile, the evaluation results of performance and resource utilization have shown its efficacy.

Kefei Wang,Jian Liu,Feng Chen

DOI: https://doi.org/10.14778/3397230.3397247

IF: 2.5

2020-01-01

Proceedings of the VLDB Endowment

Abstract:In today's data centers, memory-based key-value systems, such as Memcached and Redis, play an indispensable role in providing high-speed data services. The rapidly growing capacity and quickly falling price of DRAM memory in the past years have enabled us to create a large memory-based key-value store, which is able to serve hundreds of Gigabytes to even Terabytes of key-value data all in memory. Unfortunately, CPU cache in modern processors has not seen a similar growth in capacity, still remaining at the level of a few dozens of Megabytes. Such an extremely low cache-to-memory ratio (less than 0.1%) poses a significant new challenge---the limited CPU cache is becoming a severe performance bottleneck that hinders us from fully exploiting the great potential of high-speed memory-based key-value stores. To address this critical challenge, we propose a highly cache-efficient scheme, called Cavast , to optimize the cache utilization of large-capacity in-memory key-value stores. Our goal is to maximize cache efficiency and system performance without any hardware changes. We first present two light-weight, software-only mechanisms to enable user to indirectly control the cache content at application level. Then we propose a set of optimization policies to address several critical design issues that impair cache's efficacy in the current key-value store systems. By carefully reorganizing the data layout in memory, redesigning the hash indexing structure, and offloading garbage collection, we can effectively improve the utilization of the limited cache space. We have developed a module in Linux as a kernel-level support, and implemented two prototypes based on Memcached and Redis with the proposed Cavast scheme. Our experimental studies show promising results. On a 6-core Intel Xeon processor with only 15-MB cache, we can raise the cache hit ratio up to 82.7% with a very small cache-to-memory ratio (0.023%), and significantly increase the key-value system throughput by a factor of up to 4.2.

Quancheng Wang,Xige Zhang,Han Wang,Yuzhe Gu,Ming Tang

2024-06-12

Abstract:Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. And L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache with the idea of always achieving cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache can degrade the performance by 2.61%, 2.66%, and 3.36% For OS kernel, single-thread, and multi-thread benchmarks.

Cryptography and Security,Hardware Architecture

Thomas Unterluggauer,Austin Harris,Scott Constable,Fangfei Liu,Carlos Rozas

DOI: https://doi.org/10.1109/SEED55351.2022.00009

2022-09-29

Abstract:Randomized, skewed caches (RSCs) such as CEASER-S have recently received much attention to defend against contention-based cache side channels. By randomizing and regularly changing the mapping(s) of addresses to cache sets, these techniques are designed to obfuscate the leakage of memory access patterns. However, new attack techniques, e.g., Prime+Prune+Probe, soon demonstrated the limits of RSCs as they allow attackers to more quickly learn which addresses contend in the cache and use this information to circumvent the randomization. To yet maintain side-channel resilience, RSCs must change the random mapping(s) more frequently with adverse effects on performance and implementation complexity. This work aims to make randomization-based approaches more robust to allow for reduced re-keying rates and presents Chameleon Cache. Chameleon Cache extends RSCs with a victim cache (VC) to decouple contention in the RSC from evictions observed by the user. The VC allows Chameleon Cache to make additional use of the multiple mappings RSCs provide to translate addresses to cache set indices: when a cache line is evicted from the RSC to the VC under one of its mappings, the VC automatically reinserts this evicted line back into the RSC by using a different mapping. As a result, the effects of previous RSC set contention are hidden and Chameleon Cache exhibits side-channel resistance and eviction patterns similar to fully associative caches with random replacement. We show that Chameleon Cache has performance overheads of < 1% and stress that VCs are more generically helpful to increase side-channel resistance and re-keying intervals of randomized caches.

Cryptography and Security,Hardware Architecture

Chang Li,Fei Qiao,Huazhong Yang

DOI: https://doi.org/10.1109/ICETC.2010.5529184

2010-01-01

Abstract:Embedded cryptographic devices not only suffer from traditional physical side channel attacks, but also undergo software cache-based side channel attacks recently. The attacks can easily get the user's confidential data via information leakage in caches, and don't require any special instruments. Among existing countermeasures, software solutions can defend the attacks perfectly while leading to significant performance degradation. Hardware solutions are very effective in reducing performance overhead while their structures are complex. This paper presents a novel easily implemented cache architecture which has an added small cache and adopts certain operation mechanism. Compared with traditional cache architecture, it has reduction in miss rate ranging between 20% and 50%, and has about 8.5% of reduction in power consumption, and is secure at the same time. This paper presents both theoretical analysis and experimental results. In our experiments, the MiBench suite is used to evaluate the cache performance of miss rate and energy consumption, and the security of cache is also analyzed. It also supplies the result of Synopsys Design Compiler of the RTL cache code under the 0.18μm CMOS technology.

Ghada Dessouky,Alexander Gruler,Pouya Mahmoody,Ahmad-Reza Sadeghi,Emmanuel Stapf

DOI: https://doi.org/10.48550/arXiv.2110.08139

2021-10-15

Abstract:Shared cache resources in multi-core processors are vulnerable to cache side-channel attacks. Recently proposed defenses have their own caveats: Randomization-based defenses are vulnerable to the evolving attack algorithms besides relying on weak cryptographic primitives, because they do not fundamentally address the root cause for cache side-channel attacks. Cache partitioning defenses, on the other hand, provide the strict resource partitioning and effectively block all side-channel threats. However, they usually rely on way-based partitioning which is not fine-grained and cannot scale to support a larger number of protection domains, e.g., in trusted execution environment (TEE) security architectures, besides degrading performance and often resulting in cache underutilization. To overcome the shortcomings of both approaches, we present a novel and flexible set-associative cache partitioning design for TEE architectures, called Chunked-Cache. Chunked-Cache enables an execution context to "carve" out an exclusive configurable chunk of the cache if the execution requires side-channel resilience. If side-channel resilience is not required, mainstream cache resources are freely utilized. Hence, our solution addresses the security-performance trade-off practically by enabling selective and on-demand utilization of side-channel-resilient caches, while providing well-grounded future-proof security guarantees. We show that Chunked-Cache provides side-channel-resilient cache utilization for sensitive code execution, with small hardware overhead, while incurring no performance overhead on the OS. We also show that it outperforms conventional way-based cache partitioning by 43%, while scaling significantly better to support a larger number of protection domains.

Cryptography and Security

Guangyuan Hu,Ruby B. Lee

2023-06-05

Abstract:Hardware caches are essential performance optimization features in modern processors to reduce the effective memory access time. Unfortunately, they are also the prime targets for attacks on computer processors because they are high-bandwidth and reliable side or covert channels for leaking secrets. Conventional cache timing attacks typically leak secret encryption keys, while recent speculative execution attacks typically leak arbitrary illegally-obtained secrets through cache timing channels. While many hardware defenses have been proposed for each class of attacks, we show that those for conventional (non-speculative) cache timing channels do not work for all speculative execution attacks, and vice versa. We maintain that a cache is not secure unless it can defend against both of these major attack classes. We propose a new methodology and framework for covering such relatively large attack surfaces to produce a Speculative and Timing Attack Resilient (STAR) cache subsystem. We use this to design two comprehensive secure cache architectures, STAR-FARR and STAR-NEWS, that have very low performance overheads of 5.6% and 6.8%, respectively. To the best of our knowledge, these are the first secure cache designs that cover both non-speculative cache side channels and cache-based speculative execution attacks. Our methodology can be used to compose and check other secure cache designs. It can also be extended to other attack classes and hardware systems. Additionally, we also highlight the intrinsic security and performance benefits of a randomized cache like a real Fully Associative cache with Random Replacement (FARR) and a lower-latency, speculation-aware version (NEWS).

Cryptography and Security,Hardware Architecture

Qinhan Tan,Zhihua Zeng,Kai Bu,Kui Ren

DOI: https://doi.org/10.14722/ndss.2020.24086

2020-01-01

Abstract:Cache conflicts due to deterministic memory-to-cache mapping have long been exploited to leak sensitive information such as secret keys. While randomized mapping is fully investigated for L1 caches, it still remains unresolved about how to secure a much larger last-level cache (LLC). Recent solutions periodically change the mapping strategy to disrupt the crafting of conflicted addresses, which is a critical attack procedure to exploit cache conflicts. Remapping, however, increases both miss rate and access latency. We present PhantomCache for securing an LLC with remapping-free randomized mapping. We propose a localized randomization technique to bound randomized mapping of a memory address within only a limited number of cache sets. The small randomization space offers fast set search over an LLC in a memory access. The intrinsic randomness still suffices to obfuscate conflicts and disrupt efficient exploitation of conflicted addresses. We evaluate PhantomCache against an attacker exploring the state-of-the-art attack with linear-complexity. To secure an 8-bank 16 MB 16-way LLC, PhantomCache confines randomization space of an address within 8 sets and brings only 1.20% performance degradation on individual benchmarks, 0.50% performance degradation on mixed workloads, and 0.50% storage overhead per cache line, which are 2x and 9x more efficient than the state-of-the-art solutions. Moreover, PhantomCache is solely an architectural solution and requires no software change.

Mengming Li,Kai Bu,Chenlu Miao,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2024.3354991

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cache side-channel attacks remain a stubborn source of cross-core secret leakage. Such attacks exploit the timing difference between cache hits and misses. Most defenses thus choose to prevent cache evictions. Given that two possible types of evictions—flush-based and conflict-based—use different architectural features, these defenses have to integrate hybrid defense strategies, incur OS modification, and sacrifice performance to completely throttle cache side-channel attacks. In this paper, we present TreasureCache against cache side-channel attacks without modifying OS or sacrificing performance. Instead of preventing cache evictions with various costs, we advocate to allow cache evictions as is and hide exploitable evictions in our specialized small eviction-hidden buffer. The buffer guarantees a fast hit time comparative to LLC hits. This instantly closes the timing gap between accessing exploitable blocks when they are in and out of the LLC. Moreover, with the help of our buffer, we no longer have to disable flush instructions or shared memory. A lightweight constant-time flush instruction can help TreasureCache to prevent both flush-based and conflict-based side-channel attacks. We validate TreasureCache security and performance through extensive experiments. With a hardware overhead of less than 0.5%, TreasureCache reduces the secret-leakage resolution by about 1,000 times without introducing any performance slowdown.

Chao Zhang,Guangyu Sun,Peng Li,Tao Wang,Dimin Niu,Yiran Chen

DOI: https://doi.org/10.1145/2627369.2627611

2014-01-01

Abstract:Asymmetric-access caches with emerging technologies, such as STT-RAM and RRAM, have become very competitive designs recently. Since the write operations consume more time and energy than read ones, data should bypass an asymmetric-access cache unless the locality can justify the data allocation. However, the asymmetric-access property is not well addressed in prior bypassing approaches, which are not energy efficient and induce non-trivial operation overhead. To overcome these problems, we propose a cache bypassing method, SBAC, based on data locality statistics of the whole cache rather than a single cache line's signature. We observe that the decision-making of SBAC is highly accurate and the optimization technique for SBAC works efficiently for multiple applications running concurrently. Experiments show that SBAC cuts down overall energy consumption by 22.3%, and reduces execution time by 8.3%. Compared to prior approaches, the design overhead of SBAC is trivial.

Wei Song,Zihan Xue,Jinchi Han,Zhenzhen Li,Peng Liu

DOI: https://doi.org/10.1109/tc.2024.3349659

IF: 3.183

2024-03-15

IEEE Transactions on Computers

Abstract:Conflict-based cache side-channel attacks against the last-level cache (LLC) is a widely exploited method for information leaking. Cache randomization has recently been accepted as a promising defense. Most of recent designs randomize skewed caches rather than classic set-associative caches; however, skewed caches incur substantial performance overhead both in area and runtime. We cautiously argue that randomized set-associative caches can be sufficiently strengthened and possess a better chance to be adopted in the near future. For the first time, a dynamically randomized set-associative cache has been implemented in the LLC of a Linux capable multicore processor. A single-cycle hash logic is designed for randomizing the cache set indices. A multi-step relocation scheme is used to reduce the cost in remapping the cache layout. The randomized cache layout is remapped periodically for limiting the time window available to attackers. An attack detector is implemented to catch attacks in action and consequently trigger extra remaps. The evaluation results show that the randomized LLC has been sufficiently strengthened to thwart all existing fast algorithms for searching eviction sets with only marginal runtime overhead, and small area and power overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Yingjie Zhao,Nong Xiao

DOI: https://doi.org/10.1109/icycs.2008.342

2008-01-01

Abstract:Ever since a long time ago, recency and frequency are not to be sneezed at design of cache management policy. Meanwhile, hit ratio is used to estimate whether a cache replacement policy is good or not. The influence of miss penalty on cache performance is neglected incorrectly. In fact, the cache miss penalty can vary by almost one or two orders of magnitude among different policies because of tremendous divergence between sequential access rate and random access rate of disk. We notice the phenomena and propose a novel cache management policy, namely, sequential access based cache replacement, or Saber for short, where the non-uniform weights of sequentiality are dynamically assigned to buffered pages depending on page locations in the disk to determine the candidate victim. In the case, isolated pages will stay longer than neighboring ones in the memory. Hence, hard disks will work under sequential access mode as much as possible, which can improve cache performance by reducing the cache miss penalty and the mean access latency.

Yingjie Zhao,Nong Xiao

DOI: https://doi.org/10.1109/GCC.2008.68

2008-01-01

Abstract:Multi-level cache hierarchies are very common in today's networked storage environments. Dedicated data servers or file servers are simultaneously accessed by multi-applications of multi-clients. Workload shift results in cache pollution and degrade of hit ratio. Widely used cache policies work well on the case when a single level cache separates the data provider and data consumer, but poorly on the second level buffer cache scenarios. To avoid the threshing induced by improper cache policies, Lustre file system even abandons the idea of employing server-side buffer caches. However, it suffers from poor performance on random access. We propose a novel cache replacement policy 2C, namely the 2nd level Cache replacement policy, which provides fast access to random pages without extra degrade of hit ratio. 2C detects sequential pages and reclaims memory for random access, so hit ratio of random access is increased significantly. Because 2C reduces the overhead of seeking and rotating time mainly induced by disk head movements of random access, it improves the effective access time of overall storage systems. Our simulation results show that 2C performs better than LRU for a wide range of cache sizes and random/sequential workloads.

Esteban Garzón,Robert Hanhan,Marco Lanuzza,Adam Teman,Leonid Yavits

DOI: https://doi.org/10.1109/access.2024.3355961

IF: 3.9

2024-02-03

IEEE Access

Abstract:Associative access is widely used in fundamental microarchitectural components, such as caches and TLBs. However, associative (or content addressable) memories (CAMs) have been traditionally considered too large, too energy-hungry, and not scalable, and therefore, have limited use in modern computer microarchitecture. This work revisits these presumptions and proposes an energy-efficient fully-associative tag array (FASTA) architecture, based on a novel complementary CAM (CCAM) bitcell. CCAM offers a full CMOS solution for CAM, removing the need for time- and energy-consuming precharge and combining the speed of NOR CAM and low energy consumption of NAND CAM. While providing better performance and energy consumption, CCAM features a larger area compared to state-of-the-art CAM designs. We further show how FASTA can be used to construct a novel aliasing-free, energy-efficient, Very-Many-Way Associative (VMWA) cache. Circuit-level simulations using 16 nm FinFET technology show that a 128 kB FASTA-based 256-way 8-set associative cache is 28% faster and consumes 88% less energy-per-access than a same sized 8-way (256-set) SRAM based cache, while also providing aliasing-free operation. System-level evaluation performed on the Sniper simulator shows that the VMWA cache exhibits lower Misses Per Kilo Instructions (MPKI) for the majority of benchmarks. Specifically, the 256-way associative cache achieves 17.3%, 11.5%, and 1.2% lower average MPKI for L1, L2, and L3 caches, respectively, compared to a 16-way associative cache. The average IPC improvement for L1, L2, and L3 caches are 1.6%, 1.4%, and 0.2%, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ziqiao Zhou,Michael K. Reiter,Yinqian Zhang

DOI: https://doi.org/10.48550/arXiv.1603.05615

2016-03-18

Abstract:We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical memory pages shared between security domains to disable sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe" attacks in LLCs. We have implemented our approach as a memory management subsystem called CacheBar within the Linux kernel to intervene on such side channels across container boundaries, as containers are a common method for enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through formal verification, principled analysis, and empirical evaluation, we show that CacheBar achieves strong security with small performance overheads for PaaS workloads.

Cryptography and Security

Han Wang,Ming Tang,Ke Xu,Quancheng Wang

DOI: https://doi.org/10.23919/date58400.2024.10546529

2024-01-01

Abstract:In the modern CPU architecture, enhancements such as the Line Fill Buffer (LFB) and Super Queue (SQ), which are designed to track pending cache requests, have significantly boosted performance. To exploit this structure, we deliberately engineered blockages in the L2 to L1d route by controlling LFB conflict and triggering prefetch prediction failures, while consciously dismissing other plausible influencing factors. This approach was subsequently extended to the L3 to L2 and L2 to L1i pathways, resulting in three potent covert channels, termed L2CC, L3CC, and LiCC, with capacities of 10.02 Mbps, 10.37 Mbps, and 1.83 Mbps, respectively. Strikingly, the capacities of L2CC and L3CC surpass those of earlier non-shared-memory-based covert channels, reaching a level comparable to their shared memory-dependent equivalents. Leveraging this congestion further facilitated the extraction of key bits from RSA and EdDSA designs. Coupled with SpectreV1 and V2, our covert channels effectively evade the majority of traditional Spectre defenses. Their confluence with Branch Prediction (BP) Timing assaults additionally undercuts balanced branch protections, hence broad-ening their capability to infiltrate a wide range of cryptography libraries. Index

Guangyu Sun,Chao Zhang,Peng Li,Tao Wang,Yiran Chen

DOI: https://doi.org/10.1109/tc.2016.2529621

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:With the increasing data throughput requirement, non-volatile memories, such as STT-RAM, PCM and RRAM, have become very competitive designs as on-chip caches in chip-multi-processors (CMPs). Since the write operations are more expensive in an asymmetric-access cache, it is more valuable to justify the data allocation. However, the asymmetric-access property of non-volatile memory is not well addressed in prior bypassing approaches, which are not energy efficient and induce non-trivial operation overhead. In this paper, we propose cache-bypassing methods designed for non-volatile memory. The basic method, SBAC, is based on data locality statistics of the whole cache rather than a signature of each cache line. The multicore extensions, SBAC-C and SBAC-G, strengthen the SBAC by distinguishing data patterns in CMPs. We observe that the decision-making of SBAC and its multicore extensions is highly accurate. Experiments show that SBAC can reduce overall energy consumption by 22.3 percent, and reduce execution time by 8.3 percent on average. The energy consumption is reduced by 21.4 and 23.4 percent for SBAC-C and SBAC-G. And the performance is improved by 7.8 and 9.6 percent for SBAC-C and SBAC-G in multicore scenario. Compared to prior approaches, SBAC outperforms and induces trivial design overhead.

Xiaodong Shi,Dan Feng

DOI: https://doi.org/10.4304/jcp.7.8.1853-1864

2012-01-01

Journal of Computers

Abstract:In model storage systems, the multilevel buffer caches hierarchy is widely used to improve the I/O performance of disks. In the hierarchy, the referenced pages in second-level buffer cache have larger reuse distance that is the number of accesses between two references to the same block in a reference sequence. These reuse distances have close value with their lifetime- the time they are conserved in buffer cache. Therefore, this tiny difference can be more easily eliminated by the prefetched (not yet accessed) data that reduces the lifetime of referenced pages. This leads more pages than those replaced by prefetching to lose their re-access opportunity. This anomaly influence can significantly reduce the overall hit ratio of buffer cache and, unfortunately, it is ignored by traditional sequential prefetching algorithms. To address this problem, we propose an Adaptive SEquential Prefetching (named ASEP) that uncovers this anomaly influence and adaptively adjusts the prefetching depth by considering the access characteristics in second-level buffer cache. We extensively evaluate ASEP by conducting trace driven experiments with a prototype implements in Linux (software RAID-MD). The experiments’ results, under varied workloads from transaction processing applications to Web searching applications, show that ASEP outperforms the default sequential prefetching scheme in Linux kernel and other heuristic schemes, with the response time improvement by up to 49.7% and the cache hit ratio improvement ranging from 0.2~ 8.5%.

Divya Ojha,Sandhya Dwarkadas

2024-08-26

Abstract:Shared caches are vulnerable to side channel attacks through contention in cache sets. Besides being a simple source of information leak, these side channels form useful gadgets for more sophisticated attacks that compromise the security of shared systems. The fundamental design aspect that contention attacks exploit is the deterministic nature of the set of addresses contending for a cache set. In this paper, we present RollingCache, a cache design that defends against contention attacks by dynamically changing the set of addresses contending for cache sets. Unlike prior defenses, RollingCache does not rely on address encryption/decryption, data relocation, or cache partitioning. We use one level of indirection to implement dynamic mapping controlled by the whole-cache runtime behavior. Our solution does not depend on having defined security domains, and can defend against an attacker running on the same or another core. We evaluate RollingCache on ChampSim using the SPEC-2017 benchmark suite. Our security evaluation shows that our dynamic mapping removes the deterministic ability to identify the source of contention. The performance evaluation shows an impact of 1.67\% over a mix of workloads, with a corresponding

Cryptography and Security,Hardware Architecture

Shanjiang Tang,Qifei Chai,Ce Yu,Yusen Li,Chao Sun

DOI: https://doi.org/10.1145/3404397.3404450

2020-01-01

Abstract:Data caching and sharing is an effective approach for achieving high performance to many applications in shared platforms such as the cloud. DRAM and SSD are two popular caching devices widely used by many large-scale data application systems such Hadoop and Spark. Due to the limited size of DRAM as well as the large access latency of SSD (relative to DRAM), there is a trend of integrating DRAM and SSD (called semi-external memory) together for large-scale data caching. In this paper, we focus on the semi-external memory cache sharing for multiple users/applications. Two critical metrics, i.e., fairness and efficiency, are considered for the semi-external memory with several challenges. First, it should be sensitive to DRAM and SSD for the semi-external memory in view of their different access latencies. Second, it is crucial to have a policy that can balance fairness and efficiency elastically since there tends to be a tradeoff between them. Third, there is a cheating problem for efficiency cache allocation and we should have a robust allocation policy to address it. We propose a new policy called ElasticSEM for the semi-external memory. It performs the fair allocation of cache resources as a whole with the awareness of different access latencies between DRAM and SSD. Moreover, it contains a knob that allows users to tune and balance fairness and performance flexibly with a guarantee of θ-relaxed fairness, where θ-relaxed fairness refers to as the maximum difference of estimated cache resource allocations between any two users in SEM. Finally, we implement ElasticSEM in an in-memory storage system called Alluxio. The testbed experimental results show that ElasticSEM can achieve high performance and fairness.