Xingjian Zhang,Ziqi Yuan,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/seed51797.2021.00014

2021-01-01

Abstract:Cache side-channel attacks can leak critical information from the target programs. The cache randomization methodology has proven to be an efficient way to mitigate such attacks. However, existing works do not take the cache hierarchy into consideration, failing to address the issue that different levels of caches have different performance and security requirements. In this work, we propose and implement a hybrid randomization scheme, named H(2)Cache, to mitigate cache side-channel attacks. H(2)Cache leverages two randomization approaches and applies them to different levels of caches. It strengthens the security of cache modules, while satisfying the performance and resource utilization requirements. Specifically, we design a table-based randomization method for the L1 cache, which uses a hashed virtual index to look up the actual cache set index. The L2 cache in H(2)Cache takes a computation-based randomization function to calculate the cache set index. We have implemented a prototype of H(2)Cache and extensively evaluated it using a self-designed RISC-V processor on the FPGA platform. We demonstrate the security of H(2)Cache through simulated attack programs and quantitative analysis. Meanwhile, the evaluation results of performance and resource utilization have shown its efficacy.

Wu Dehua,Xiao Wan’ang,Gao Shan,Gao Wanlin

DOI: https://doi.org/10.1051/matecconf/202235503054

2022-01-01

MATEC Web of Conferences

Abstract:The Spectre attacks exploit the speculative execution vulnerabilities to exfiltrate private information by building a leakage channel. Creation of a leakage channel is the basic element for spectre attacks, among which the cache-tag side channel is considered to be the most serious one. To block the leakage channels, a novel cache applies Dynamic Mapping technology, named DmCache, is presented in this paper. DmCache applies a dynamic mapping mechanism to temporarily store all the cache lines polluted by speculative execution and keep invisible when accessing. Then it monitors the head of the reorder buffer to determine which polluted cache line can become visible. In this paper, we demonstrated that Spectre attacks exerted no impact on a processor system equipped with DmCache based on the analysis of the processor’s circuit behaviour, which equipped with the DmCache and under the Spectre attack.

Han Wang,Ming Tang,Ke Xu,Quancheng Wang

DOI: https://doi.org/10.23919/date58400.2024.10546529

2024-01-01

Abstract:In the modern CPU architecture, enhancements such as the Line Fill Buffer (LFB) and Super Queue (SQ), which are designed to track pending cache requests, have significantly boosted performance. To exploit this structure, we deliberately engineered blockages in the L2 to L1d route by controlling LFB conflict and triggering prefetch prediction failures, while consciously dismissing other plausible influencing factors. This approach was subsequently extended to the L3 to L2 and L2 to L1i pathways, resulting in three potent covert channels, termed L2CC, L3CC, and LiCC, with capacities of 10.02 Mbps, 10.37 Mbps, and 1.83 Mbps, respectively. Strikingly, the capacities of L2CC and L3CC surpass those of earlier non-shared-memory-based covert channels, reaching a level comparable to their shared memory-dependent equivalents. Leveraging this congestion further facilitated the extraction of key bits from RSA and EdDSA designs. Coupled with SpectreV1 and V2, our covert channels effectively evade the majority of traditional Spectre defenses. Their confluence with Branch Prediction (BP) Timing assaults additionally undercuts balanced branch protections, hence broad-ening their capability to infiltrate a wide range of cryptography libraries. Index

Kefei Wang,Jian Liu,Feng Chen

DOI: https://doi.org/10.14778/3397230.3397247

IF: 2.5

2020-01-01

Proceedings of the VLDB Endowment

Abstract:In today's data centers, memory-based key-value systems, such as Memcached and Redis, play an indispensable role in providing high-speed data services. The rapidly growing capacity and quickly falling price of DRAM memory in the past years have enabled us to create a large memory-based key-value store, which is able to serve hundreds of Gigabytes to even Terabytes of key-value data all in memory. Unfortunately, CPU cache in modern processors has not seen a similar growth in capacity, still remaining at the level of a few dozens of Megabytes. Such an extremely low cache-to-memory ratio (less than 0.1%) poses a significant new challenge---the limited CPU cache is becoming a severe performance bottleneck that hinders us from fully exploiting the great potential of high-speed memory-based key-value stores. To address this critical challenge, we propose a highly cache-efficient scheme, called Cavast , to optimize the cache utilization of large-capacity in-memory key-value stores. Our goal is to maximize cache efficiency and system performance without any hardware changes. We first present two light-weight, software-only mechanisms to enable user to indirectly control the cache content at application level. Then we propose a set of optimization policies to address several critical design issues that impair cache's efficacy in the current key-value store systems. By carefully reorganizing the data layout in memory, redesigning the hash indexing structure, and offloading garbage collection, we can effectively improve the utilization of the limited cache space. We have developed a module in Linux as a kernel-level support, and implemented two prototypes based on Memcached and Redis with the proposed Cavast scheme. Our experimental studies show promising results. On a 6-core Intel Xeon processor with only 15-MB cache, we can raise the cache hit ratio up to 82.7% with a very small cache-to-memory ratio (0.023%), and significantly increase the key-value system throughput by a factor of up to 4.2.

Zhe Zhou,Xiaoyu Cheng,Yang Sun,Fang Jiang,Fei Tong,Yuxing Mao,Ruilin Wang

DOI: https://doi.org/10.1109/trustcom56396.2022.00166

2022-01-01

Abstract:Modern processors make use of optimization techniques such as cache and speculation mechanisms to greatly improve performance. But recent research has found that these techniques can also be exploited by attackers to perform powerful side-channel attacks. A large number of powerful cache-based attacks have been replicated and enhanced over Intel X86- and ARM-based architectures, but there is a relative lack of research on RISC-V-based architectures. Xuantie-910 and BOOM are both RISC-V-based processors. So far, cache-side channels in the unprivileged case of Xuantie-910 have not been proven, while cache attacks against BOOM are proliferating. There are two types of caches, including physically-indexed physically-tagged (PIPT) cache (adopted by Xuantie-910) and virtually-indexed physically-tagged (VIPT) cache (adopted by BOOM), corresponding to two different cache addressing forms. VIPT has higher addressing performance than PIPT, since it can directly obtain cache line index from virtual address. In this paper, we study Xuantie-910 and BOOM to explore the impact of cache design on the security of RISC-V-based microarchitecture. Specifically, we compare the impact of their cache addressing forms on precise flushing of cache lines at specified locations, which plays an important role in cache side-channel attacks. Experimental results show that for the VIPT cache in BOOM, the location-specified cache lines can be accurately flushed, and Spectre attack can be successfully carried out by using the cache side-channel. On the other hand, for the PIPT cache in Xuantie-910, it is impossible for attackers to directly and accurately flush the specified location of cache without affecting performance, which hinders the success of cache side-channel attacks. This provides us with an insight that one can adopt a VIPT-based cache with a mechanism similar to PIPT for preventing the accurate access of cache line index, which can not only keep the advantage of high-performance addressing in VIPT but also improve chip security.

Anh-Tien Le,Trong-Thuc Hoang,Ba-Anh Dao,Akira Tsukamoto,Kuniyasu Suzaki,Cong-Kha Pham

DOI: https://doi.org/10.1016/j.compeleceng.2022.108546

2022-12-22

Abstract:The trust execution environment (TEE) provides a safe region, also known as a secret enclave, for executing private programs that need protection. This work proposed a cross-process exploitation scheme for conducting the cache side-channel attack, Spectre, on RISC-V processors with a trust execution environment. Practical experiments are provided to verify the protected enclave's security on RISC-V processors with the TEE. In these experiments, the attacker and victim do not share the same address space as in known implementations but are executed in separate processes. The experimental results show that initial leakage information from the cache memory can be recorded. To the best of our knowledge, no prior research has been conducted on the Spectre attack against RISC-V's TEE. This implementation will be a critical component for extending further cache side-channel experiments on the security of RISC-V processors.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Pavitra Bhade,Joseph Paturel,Olivier Sentieys,Sharad Sinha

DOI: https://doi.org/10.1145/3663673

2024-06-12

ACM Transactions on Embedded Computing Systems

Abstract:Cache Side-Channel Attacks (CSCAs) have been haunting most processor architectures for decades now. Existing approaches to mitigation of such attacks have certain drawbacks, namely software mishandling, performance overhead, and low throughput due to false alarms. Hence, “mitigation only when detected” should be the approach to minimize the effects of such drawbacks. We propose a novel methodology of fine-grained detection of timing-based CSCA using a hardware-based detection module. We discuss the design, implementation, and use of our proposed detection module in processor architectures. Our approach successfully detects attacks that flush secret victim information from cache memory like Flush+Reload, Flush+Flush, Prime+Probe, Evict+Probe, and Prime+Abort, commonly known as cache timing attacks. Detection is on time with minimal performance overhead. The parameterizable number of counters used in our module allows detection of multiple attacks on multiple sensitive locations simultaneously. The fine-grained nature ensures negligible false alarms, severely reducing the need for any unnecessary mitigation. The proposed work is evaluated by synthesizing the entire detection algorithm as an attack detection block, Edge-CaSCADe, in a RISC-V processor as a target example. The detection results are checked under different workload conditions with respect to the number of attackers and the number of victims having RSA-, AES-, and ECC-based encryption schemes like ECIES, and on benchmark applications like MiBench and Embench. More than 98% detection accuracy within 2% of the beginning of an attack can be achieved with negligible false alarms. The detection module has an area and power overhead of 0.9% to 2% and 1% to 2.1% for the targeted RISC-V processor core without cache for one to five counters, respectively. The detection module does not affect the processor critical path and hence has no impact on its maximum operating frequency.

computer science, software engineering, hardware & architecture

Han Wang,Ming Tang,Ke Xu,Quancheng Wang

2023-06-03

Abstract:In the modern CPU architecture, enhancements such as the Line Fill Buffer (LFB) and Super Queue (SQ), which are designed to track pending cache requests, have significantly boosted performance. To exploit this structures, we deliberately engineered blockages in the L2 to L1d route by controlling LFB conflict and triggering prefetch prediction failures, while consciously dismissing other plausible influencing factors. This approach was subsequently extended to the L3 to L2 and L2 to L1i pathways, resulting in three potent covert channels, termed L2CC, L3CC, and LiCC, with capacities of 10.02 Mbps, 10.37 Mbps, and 1.83 Mbps, respectively. Strikingly, the capacities of L2CC and L3CC surpass those of earlier non-shared-memory-based covert channels, reaching a level comparable to their shared memory-dependent equivalents. Leveraging this congestion further facilitated the extraction of key bits from RSA and EdDSA implementations. Coupled with SpectreV1 and V2, our covert channels effectively evade the majority of traditional Spectre defenses. Their confluence with Branch Prediction (BP) Timing assaults additionally undercuts balanced branch protections, hence broadening their capability to infiltrate a wide range of cryptography libraries.

Cryptography and Security

Jan Philipp Thoma,Christian Niesler,Dominic Funke,Gregor Leander,Pierre Mayr,Nils Pohl,Lucas Davi,Tim Güneysu

DOI: https://doi.org/10.48550/arXiv.2104.11469

2022-08-18

Abstract:In the recent past, we have witnessed the shift towards attacks on the microarchitectural CPU level. In particular, cache side-channels play a predominant role as they allow an attacker to exfiltrate secret information by exploiting the CPU microarchitecture. These subtle attacks exploit the architectural visibility of conflicting cache addresses. In this paper, we present ClepsydraCache, which mitigates state-of-the-art cache attacks using a novel combination of cache decay and index randomization. Each cache entry is linked with a Time-To-Live (TTL) value. We propose a new dynamic scheduling mechanism of the TTL which plays a fundamental role in preventing those attacks while maintaining performance. ClepsydraCache efficiently protects against the latest cache attacks such as Prime+(Prune+)Probe. We present a full prototype in gem5 and lay out a proof-of-concept hardware design of the TTL mechanism, which demonstrates the feasibility of deploying ClepsydraCache in real-world systems.

Cryptography and Security,Hardware Architecture

Hossam ElAtali,N. Asokan

2024-06-18

Abstract:Speculation is fundamental to achieving high CPU performance, yet it enables vulnerabilities such as Spectre attacks, which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three steps: they speculatively access sensitive data (access), alter the cache state (transmit), and then utilize a cache timing attack (e.g., Flush+Reload) to extract the secret (receive). Most Spectre attacks exploit a cache timing side channel during the transmit and receive steps. Our key observation is that Spectre attacks do not require the transmit instruction to complete before mis-prediction is detected and mis-speculated instructions are squashed. Instead, it suffices for the instruction to execute and dispatch a request to the memory hierarchy. Responses from memory that arrive after squashing occurs still alter the cache state, including those related to mis-speculated memory accesses. We therefore propose a novel mitigation technique, Cancellable Memory Requests (CMR), that cancels mis-speculated memory requests. Immediately upon squashing, a cancellation is sent to the cache hierarchy, propagating downstream and preventing any changes to caches that have not yet received a response. This reduces the likelihood of cache state changes, thereby reducing the likelihood of Spectre attacks succeeding. We implement CMR on gem5 and show that it thwarts practical Spectre attacks, and has near-zero performance overheads. We show that CMR can completely thwart Spectre attacks in four real-world processors with realistic system configurations.

Cryptography and Security,Hardware Architecture

Haifeng Gu,Mingsong Chen,Yanzhao Wang,Fei Xie

DOI: https://doi.org/10.1109/icess49830.2020.9301601

2020-01-01

Abstract:Speculative execution has been widely used in modern CPU designs. This technique improves the CPU performance significantly. However, it may introduce the speculative execution side channels which can be exploited by attackers maliciously, such as the well-known Spectre attack. Although Spectre can expose the speculative execution side channels in data cache, it relies heavily on the training of branch predictors and timing analysis of the target physical processor. Thereby, it is difficult to predict if Spectre attack on processors that are under design in the early stage can succeed or not. For future white-box processors under design, how to identify the speculative execution side channels in data cache in the early stage is an important issue. To address this problem, we propose an approach to generating branch directions (including mis-predictions) of conditional branch instructions based on Instruction Set Architecture simulation. The predictions of the branch predictor in the processor under design will be guided by these branch directions to trigger the speculative execution side channels in data cache for detection. In our experiments, the RISC-V BOOM processor is used as a case study where the speculative execution side channel in data cache can be detected by our approach.

Dehua Wu,Wanlin Gao

DOI: https://doi.org/10.1109/icfeict57213.2022.00078

2022-01-01

Abstract:Spectre attacks have raised concerns about hardware vulnerabilities. Consequently, clear comprehension of the hardware behavior in the processor is the premise for mitigating these severe security issues. We built a simulation platform that integrated the single-core processor and the cache subsystem. This platform is built with the vulnerabilities of the Speculative execution. And simulations conducted on this platform show that the processor can open the time window of speculative execution, during which the malicious code can be executed without any security checks. The attackers exploit this fact to build the cache-tag-based covert channel. Furthermore, a security litmus test was conducted, which uses the General Purpose Input/Output to probe the private data from the cache-tag-based channel. Therefore, this platform reveals the circuit behavior of the processor under the attacks, which can be viewed as a foundation for further research on the mitigation of Spectre attacks.

Divya Ojha,Sandhya Dwarkadas

DOI: https://doi.org/10.1109/ISCA52012.2021.00037

2021-12-17

Abstract:Timing side channels have been used to extract cryptographic keys and sensitive documents, even from trusted enclaves. In this paper, we focus on cache side channels created by access to shared code or data in the memory hierarchy. This vulnerability is exploited by several known attacks, e.g, evict+reload for recovering an RSA key and Spectre variants for data leaked due to speculative accesses. The key insight in this paper is the importance of the first access to the shared data after a victim brings the data into the cache. To eliminate the timing side channel, we ensure that the first access by a process to any cache line loaded by another process results in a miss. We accomplish this goal by using a combination of timestamps and a novel hardware design to allow efficient parallel comparisons of the timestamps. The solution works at all the cache levels and defends against an attacker process running on another core, same core, or another hyperthread. Our design retains the benefits of a shared cache: allowing processes to utilize the entire cache for their execution and retaining a single copy of shared code and data (data deduplication). Our implementation in the GEM5 simulator demonstrates that the system is able to defend against RSA key extraction. We evaluate performance using SPECCPU2006 and observe overhead due to first access delay to be 2.17%. The overhead due to the security context bookkeeping is of the order of 0.3%.

Cryptography and Security

Samira Briongos,Ida Bruhns,Pedro Malagón,Thomas Eisenbarth,José M. Moya

DOI: https://doi.org/10.48550/arXiv.2008.12188

2020-08-27

Cryptography and Security

Abstract:Microarchitectural side channel attacks have been very prominent in security research over the last few years. Caches have been an outstanding covert channel, as they provide high resolution and generic cross-core leakage even with simple user-mode code execution privileges. To prevent these generic cross-core attacks, all major cryptographic libraries now provide countermeasures to hinder key extraction via cross-core cache attacks, for instance avoiding secret dependent access patterns and prefetching data. In this paper, we show that implementations protected by 'good-enough' countermeasures aimed at preventing simple cache attacks are still vulnerable. We present a novel attack that uses a special timing technique to determine when an encryption has started and then evict the data precisely at the desired instant. This new attack does not require special privileges nor explicit synchronization between the attacker and the victim. One key improvement of our attack is a method to evict data from the cache with a single memory access and in absence of shared memory by leveraging the transient capabilities of TSX and relying on the recently reverse-engineered L3 replacement policy. We demonstrate the efficiency by performing an asynchronous last level cache attack to extract an RSA key from the latest wolfSSL library, which has been especially adapted to avoid leaky access patterns, and by extracting an AES key from the S-Box implementation included in OpenSSL bypassing the per round prefetch intended as a protection against cache attacks.

Quancheng Wang,Xige Zhang,Han Wang,Yuzhe Gu,Ming Tang

2024-06-12

Abstract:Caches are used to reduce the speed differential between the CPU and memory to improve the performance of modern processors. However, attackers can use contention-based cache timing attacks to steal sensitive information from victim processes through carefully designed cache eviction sets. And L1 data cache attacks are widely exploited and pose a significant privacy and confidentiality threat. Existing hardware-based countermeasures mainly focus on cache partitioning, randomization, and cache line flushing, which unfortunately either incur high overhead or can be circumvented by sophisticated attacks. In this paper, we propose a novel hardware-software co-design called BackCache with the idea of always achieving cache hits instead of cache misses to mitigate contention-based cache timing attacks on the L1 data cache. BackCache places the evicted cache lines from the L1 data cache into a fully-associative backup cache to hide the evictions. To improve the security of BackCache, we introduce a randomly used replacement policy (RURP) and a dynamic backup cache resizing mechanism. We also present a theoretical security analysis to demonstrate the effectiveness of BackCache. Our evaluation on the gem5 simulator shows that BackCache can degrade the performance by 2.61%, 2.66%, and 3.36% For OS kernel, single-thread, and multi-thread benchmarks.

Cryptography and Security,Hardware Architecture

Pengfei Guo,Yingjian Yan,Junjie Wang,Jingxin Zhong,Yanjiang Liu,Jinsong Xu

DOI: https://doi.org/10.1016/j.cose.2023.103480

IF: 5.105

2023-09-13

Computers & Security

Abstract:Caches are key microarchitectural components of modern processors to improve memory access speed. However, attackers can readily implement timing side-channel attacks by exploiting the inherent time difference between cache hits and misses, which brings serious security threats to computer systems. In recent years, cache attacks have achieved fruitful consequences regarding attack techniques, targets, and platforms. At the same time, in order to measure the cache vulnerability, researchers have been looking at verifying the security policies and have proposed a variety of evaluation metrics. However, there are certain limitations in the current metrics, such as harsh assumptions, the distinguishing ability cannot be maintained all the time, the false positive and false negative noises can not be explicitly quantified, other tools are needed, and the verification environment is difficult to reproduce. To face these issues, we proposed a set of evaluation metrics, which includes the highest score (HS), minimum rounds to disclosure (MRD), and key score scissors differential (KSSD); we give the formal expressions in practice and theoretical, respectively. In order to facilitate the accurate reproduction of the experimental environment and results, we build a dual-core RISC-V bare-metal system based on the open-source framework Chipyard. On this basis, we conduct comprehensive evaluations to exploit vulnerabilities within the RISC-V cache architecture to verify the validity of the metrics suite. Furthermore, we compared the metrics with the commonly used success rate (SR) and guessing entropy (GE). The comparison results show that our proposed metrics suite can accurately depict the effects of attacks. Moreover, KSSD can maintain discrimination and converge quickly; MRD has more practical guidance; HS can specifically describe false negative noises. Finally, we perform a theoretical evaluation of AES algorithms with different T-table implementations using the proposed metrics, analyze the system's false positive and false negative noises, and suggest how the number of cache evictions can be determined under the random replacement policy.

computer science, information systems

Ruxandra Bălucea,Paul Irofti

2023-11-07

Abstract:Speculative attacks are still an active threat today that, even if initially focused on the x86 platform, reach across all modern hardware architectures. RISC-V is a newly proposed open instruction set architecture that has seen traction from both the industry and academia in recent years. In this paper we focus on the RISC-V cores where speculation is enabled and, as we show, where Spectre attacks are as effective as on x86. Even though RISC-V hardware mitigations were proposed in the past, they have not yet passed the prototype phase. Instead, we propose low-overhead software mitigations for Spectre-BTI, inspired from those used on the x86 architecture, and for Spectre-RSB, to our knowledge the first such mitigation to be proposed. We show that these mitigations work in practice and that they can be integrated in the LLVM toolchain. For transparency and reproducibility, all our programs and data are made publicly available online.

Cryptography and Security,Operating Systems

Yanan Guo,Andrew Zigerelli,Youtao Zhang,Jun Yang

DOI: https://doi.org/10.48550/arXiv.2110.12340

2022-08-17

Abstract:Modern x86 processors have many prefetch instructions that can be used by programmers to boost performance. However, these instructions may also cause security problems. In particular, we found that on Intel processors, there are two security flaws in the implementation of PREFETCHW, an instruction for accelerating future writes. First, this instruction can execute on data with read-only permission. Second, the execution time of this instruction leaks the current coherence state of the target data. Based on these two design issues, we build two cross-core private cache attacks that work with both inclusive and non-inclusive LLCs, named Prefetch+Reload and Prefetch+Prefetch. We demonstrate the significance of our attacks in different scenarios. First, in the covert channel case, Prefetch+Reload and Prefetch+Prefetch achieve 782 KB/s and 822 KB/s channel capacities, when using only one shared cache line between the sender and receiver, the largest-to-date single-line capacities for CPU cache covert channels. Further, in the side channel case, our attacks can monitor the access pattern of the victim on the same processor, with almost zero error rate. We show that they can be used to leak private information of real-world applications such as cryptographic keys. Finally, our attacks can be used in transient execution attacks in order to leak more secrets within the transient window than prior work. From the experimental results, our attacks allow leaking about 2 times as many secret bytes, compared to Flush+Reload, which is widely used in transient execution attacks.

Cryptography and Security

Mengming Li,Kai Bu,Chenlu Miao,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2024.3354991

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cache side-channel attacks remain a stubborn source of cross-core secret leakage. Such attacks exploit the timing difference between cache hits and misses. Most defenses thus choose to prevent cache evictions. Given that two possible types of evictions—flush-based and conflict-based—use different architectural features, these defenses have to integrate hybrid defense strategies, incur OS modification, and sacrifice performance to completely throttle cache side-channel attacks. In this paper, we present TreasureCache against cache side-channel attacks without modifying OS or sacrificing performance. Instead of preventing cache evictions with various costs, we advocate to allow cache evictions as is and hide exploitable evictions in our specialized small eviction-hidden buffer. The buffer guarantees a fast hit time comparative to LLC hits. This instantly closes the timing gap between accessing exploitable blocks when they are in and out of the LLC. Moreover, with the help of our buffer, we no longer have to disable flush instructions or shared memory. A lightweight constant-time flush instruction can help TreasureCache to prevent both flush-based and conflict-based side-channel attacks. We validate TreasureCache security and performance through extensive experiments. With a hardware overhead of less than 0.5%, TreasureCache reduces the secret-leakage resolution by about 1,000 times without introducing any performance slowdown.

Junpeng Wan,Yanxiang Bi,Zhe Zhou,Zhou Li

DOI: https://doi.org/10.48550/arXiv.2103.04533

2021-03-08

Abstract:Cache side-channel attacks lead to severe security threats to the settings that a CPU is shared across users, e.g., in the cloud. The existing attacks rely on sensing the micro-architectural state changes made by victims, and this assumption can be invalidated by combining spatial (\eg, Intel CAT) and temporal isolation (\eg, time protection). In this work, we advance the state of cache side-channel attacks by showing stateless cache side-channel attacks that cannot be defeated by both spatial and temporal isolation. This side-channel exploits the timing difference resulted from interconnect congestion. Specifically, to complete cache transactions, for Intel CPUs, cache lines would travel across cores via the CPU mesh interconnect. Nonetheless, the mesh links are shared by all cores, and cache isolation does not segregate the traffic. An attacker can generate interconnect traffic to contend with the victim's on a mesh link, hoping that extra delay will be measured. With the variant delays, the attacker can deduce the memory access pattern of a victim program, and infer its sensitive data. Based on this idea, we implement Volcano and test it against the existing RSA implementations of JDK. We found the RSA private key used by a victim process can be partially recovered. In the end, we propose a few directions for defense and call for the attention of the security community.

Cryptography and Security