Designing Secure Performance Metrics for Last-Level Cache

Abstract

In modern CPU architectures, last-level caches (LLCs) are typically shared among multiple CPU cores. LLCs enable data sharing across application threads and promote data reusability. However, because LLC resources are limited, efficient utilization of LLCs is vital for application performance. One effective way to understand LLC usage is to use hardware performance counters to measure LLC performance metrics such as hit and miss ratios. Despite the benefits of hardware-counter-based performance metrics, enabling these metrics in a multi-tenant environment is challenging due to security implications. An adversary can exploit these metrics for various side-channel attacks. Current mitigation policies simply restrict access to performance metrics, which limits the legitimate use of these metrics for performance monitoring and optimization. This paper addresses the vulnerability of LLC metrics as an accessory to side-channel attacks. It proposes novel secure performance metrics, CERBERUS, aimed at limiting LLC performance counter-based side-channel vulnerability while providing usable performance insights. The key insight in CERBERUS is that it leverages a differentially private mechanism to make the side channels undetectable to adversaries. Through a systematic evaluation of benchmark performance monitoring scenarios, we show that CERBERUS’s performance metrics are usable for LLC-aware profile-guided compiler optimization.

Publication
Proceedings of the 28th International Workshop on High-Level Parallel Programming Models and Supportive Environments (HIPS 2023)