A processor data prefetch security enhancement method to mitigate cache side-channel attacks
By introducing an attack awareness module and an observation obfuscation module into the processor, and using a pseudo-random prefetch strategy to identify and interfere with cache side-channel attacks, the problem of insufficient security in the processor data prefetching process is solved, achieving higher security and performance while maintaining low hardware overhead.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents (China)
- Current Assignee / Owner
- SOUTHEAST UNIV
- Filing Date
- 2023-04-23
- Publication Date
- 2026-06-30
AI Technical Summary
Existing processors lack effective defenses against cache side-channel attacks during data prefetching, resulting in insufficient security and high performance and hardware resource consumption.
A processor data prefetching security enhancement method to mitigate cache side-channel attacks is designed. By identifying and interfering with attacker behavior through an attack awareness module and an observation obfuscation module, a pseudo-random prefetching strategy is used to improve security and performance without changing the original cache architecture.
It effectively reduced the success rate of cache side-channel attacks, improved processor security and performance, and maintained low hardware resource consumption. Specific experimental results show that the success rate of Spectre series attacks dropped to below 13%, and the performance improved by 0.06%.
Abstract figure: CN116720191B_ABST
Description
Technical Field
[0001] This invention belongs to the field of processor architecture and relates to a method for mitigating cache side-channel attacks using processor data prefetchers, thereby enhancing the security of processor architecture.
Background Technology
[0002] Modern processors have introduced many optimization mechanisms, such as data prefetching, speculative execution, and data caching. While these mechanisms improve performance, they also lead to increasingly prominent security issues. Although operating systems can isolate unauthorized data access to prevent software vulnerabilities, they cannot prevent side-channel leaks of sensitive data due to design flaws in shared hardware. In all shared microarchitectures, caching provides the largest attack surface. In cache-based side-channel attacks, attackers exploit the inherent time difference between cache hits and misses to launch attacks across different domains.
[0003] To combat cache side-channel attacks, novel caching architectures such as RPCache and NewCache have been proposed. Secure caching primarily breaks the observability of cache behavior by altering the fixed mapping between memory and cache. However, correctly implementing and using these secure caches is inherently difficult. For cache side-channel attacks based on transient execution, schemes such as conditional speculative execution and limiting the changes made to the microarchitectural state by transient instructions have been proposed. While these measures can effectively prevent attacks based on transient execution, they often come at the cost of increased hardware resource consumption or performance.
[0004] The processor's data prefetcher predicts future data accesses based on the program's memory access history and pre-fetches this data into the cache, further improving the memory hit rate. Data prefetching was initially proposed to further reduce the memory miss rate and improve system performance. The content prefetched into the cache naturally acts as a defense against side-channel attacks. Currently, there are very few technologies based on prefetchers to defend against cache side-channel attacks, and none have been implemented and verified on a real hardware platform.
Summary of the Invention
[0005] To address the aforementioned problems, this invention proposes a processor data prefetch security enhancement method to mitigate cache side-channel attacks. Without altering the original cache architecture, it proposes a higher-performance, lower-hardware-consumption solution based on data prefetching technology while ensuring security. The security enhancement method includes the following steps:
[0006] Step 1: The attack detection module determines whether there is any key load instruction that could be used in the first phase of a cache side-channel attack;
[0007] Step 2: If the attack detection module detects abnormal behavior in the program in Step 1, the observation obfuscation module is activated; otherwise, the program continues to be monitored.
[0008] Step 3: The observation obfuscation module monitors the impact of the program's load instructions on the cache and determines whether there may be a load instruction used in the third stage of the cache side-channel attack;
[0009] Step 4: The obfuscation module records and predicts the memory addresses probed by the attacker in the third stage. The predicted addresses are pseudo-randomized within the memory address range accessed by the attacker and stored in the prefetch queue of the processor data prefetcher.
[0010] Step 5: The processor data prefetcher issues prefetch requests according to the first-in, first-out principle. The address hit in the cache during the attacker's third phase is not necessarily caused by the execution of the victim program, but rather by a prefetch request from the obfuscation module.
[0011] Furthermore, the processor is primarily a RISC-V processor, and the data prefetcher performs next-line data prefetching or stride-based data prefetching.
[0012] Furthermore, in a side-channel attack, the attacker's and victim's programs run on the same processor core and share hardware resources such as branch predictors, caches, and data prefetchers.
[0013] Furthermore, in step 2, the key load instruction in the first stage of the cache side-channel attack refers to the existence of a certain load instruction in the processor pipeline that evicts multiple cache sets multiple times, frequently causing cache misses.
[0014] Furthermore, the attack detection module maintains the following hardware structure:
[0015] 1) lastPc: Used to record the PC value of the load instruction that triggered the next level cache (L2 cache) request. When the newly received PC value of the module is different from lastPc, all hardware structures of this module are initialized.
[0016] 2) `setAcquireBuffer`: M entries (M = L1_SetNums, where L1_SetNums is the number of L1 cache sets), each entry containing 1 valid bit and 4 acquireCnts bits. A valid bit of 1 indicates that the value recorded in the entry is valid; otherwise it is invalid. `acquireCnts` is a four-bit saturating counter that records, for the corresponding cache set, how many times next-level cache requests caused by the same load instruction have targeted that set.
[0017] 3) dangerDegree: dangerDegree indicates how likely a cache side-channel attack is. Its value equals the number of entries in setAcquireBuffer whose acquireCnts is greater than Y (Y = 2 * L1_WAYS, where L1_WAYS is the number of ways in the L1 cache).
[0018] 4) AAMThreshold: Stores the set threshold. When dangerDegree exceeds this threshold, the load is considered to be a critical load specified in attack phase 1, and a program danger signal is sent to the observation and obfuscation module. The value in this register is not reset when lastPc changes.
[0019] Furthermore, in step 3, a certain load instruction in the processor pipeline accesses a specific memory region erratically, attempting to suppress the prefetcher's function. This ultimately results in multiple missing cache sets over a period of time. Therefore, this load instruction is considered the key load instruction in the third stage of the cache side-channel attack.
[0020] Furthermore, in step 4, the observation obfuscation module includes the following hardware structure:
[0021] 1) lastPc: Used to record the PC value of the load instruction that triggered the next level cache (L2 cache) request. When the newly received PC value of the module is different from lastPc, all hardware structures of this module are initialized.
[0022] 2) lowBoundary: Records the lowest memory address among the addresses requested by the current load instruction from the L2 Cache. Its initial value is 0xffff_ffff.
[0023] 3) highBoundary: Records the highest memory address requested by the current load instruction from the L2 Cache. Initialized value is 0x0.
[0024] 4) setAccess: an M-bit register (M = L1_SetNums). The cache set that will be refilled into the L1 Cache is computed from the address the load instruction requests from the L2 Cache, and the corresponding bit is set to 1. Its initial value is 0.
[0025] 5) FOMTHReshold: When the number of 1s in setAccess exceeds FOMTHReshold, the load instruction is determined to be a critical load instruction in the third stage of the attack. Multiple prefetches are then triggered based on setAccess and the pseudo-random prefetch algorithm.
[0026] Furthermore, the main steps of the pseudo-random prefetch algorithm proposed in this invention are as follows:
[0027] 1) A four-bit saturating counter cnt that increments with each clock cycle and cycles within the range [0, 16);
[0028] 2) Split setAccess into four parts: [0, M/4), [M/4, M/2), [M/2, 3M/4), [3M/4, M);
[0029] 3) The low two bits cnt[0,1] select which part of setAccess to use, and the high two bits cnt[2,3] select, within that part, the cnt[2,3]-th bit whose value is 0. The index of that bit is a cache set the load instruction has not yet touched, so the prefetch target is chosen pseudo-randomly among untouched sets; this index is denoted prefetchIdx;
[0030] 4) Finally, the addresses within [lowBoundary, highBoundary] that map to cache set prefetchIdx are pushed into the prefetch queue.
[0031] Furthermore, the prefetched addresses are stored in a prefetch queue, and the prefetched addresses are requested from the storage hierarchy in a first-in-first-out order.
[0032] Furthermore, the attack awareness module and the observation obfuscation module are integrated with the data prefetcher in the processor.
[0033] Compared with the prior art, the advantages of the present invention are as follows:
[0034] 1. The present invention has a higher level of security.
[0035] This invention addresses the issue of attackers randomizing cache access during the observation phase using techniques such as chained access, attempting to suppress prefetcher interference. This invention applies a randomized prefetch strategy in the observation obfuscation module. The non-fixed prefetch strategy makes it difficult for attackers to model the behavior of the cache and prefetcher, further enhancing security. Aware+Fuzz can identify and mitigate SpectreV1, V2, V4, and V5 attacks, reducing the attack accuracy to below 13%.
[0036] 2. This invention can improve processor performance.
[0037] Table 1 shows the results of SPEC CPU2017, indicating that the processor using this invention achieves an average performance improvement of 0.06%. Aware+Fuzz uses prefetching techniques to interfere with attackers building cache side-channels; if the prefetching is correct and timely, it can even improve performance while ensuring security.
[0038] 3. This invention has extremely low hardware overhead.
[0039] A security-enhanced processor was built on the Xilinx EK-KC-705 platform, and RTL-level verification of Aware+Fuzz was performed, with on-board resource consumption of only about 1%. Using Xilinx's Vivado software suite for HDL design synthesis and analysis, resource consumption reports for both the ordinary processor and the processor configured with this invention were obtained, as shown in Table 2. LUTs (Look-Up Tables) are the basic building blocks of digital circuits. FFs (Flip-Flops) are another major component in FPGAs, acting as data storage elements. The results show that this invention adds 1% and 0.27% to LUT and FF usage, respectively.
[0040] Table 1 Performance Results of SPEC CPU2017
[0041]
[0042] Table 2 Hardware Resource Consumption of Aware+Fuzz
[0043] Description of the Attached Figures
[0044] Figure 1 is a flowchart of the method for enhancing processor data prefetcher security against cache side-channel attacks;
[0045] Figure 2 is a schematic diagram of the attack detection module;
[0046] Figure 3 is a schematic diagram of the observation obfuscation module;
[0047] Figure 4 compares the number of access cycles an attacker needs to steal a single character 's' in a single round;
[0048] Figure 5 illustrates the defensive effect of the security enhancement method against Spectre attacks.
Detailed Implementation
[0049] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings. An example is also provided that implements this invention on the real hardware platform BoomV3 and effectively mitigates Spectre-type attacks. It should be understood that this example is merely illustrative and intended to explain the invention, and should not be construed as a limitation thereof.
[0050] Example 1: This invention belongs to the field of processor architecture and relates to a method for mitigating cache side-channel attacks using a hardware data prefetcher, thereby enhancing the security of the processor architecture. Figure 1 shows a specific implementation of this invention on the RISC-V open-source processor core SonicBoom. It includes an attack detection module and an observation obfuscation module, which work together to detect and defend against cache side-channel attacks. The specific steps are as follows:
[0051] Step 1: The attack detection module determines whether there is any key load instruction that could be used in the first phase of a cache side-channel attack;
[0052] The attack detection module primarily functions in the first phase of the attack, determining whether the content currently running on the processor is a cache side-channel attack program. Specifically, because the RISC-V architecture does not support the clflush instruction, in both prime+probe and flush+reload attack modes, attackers must use a cumbersome, contention-based approach to clear specified memory lines or occupy cache sets in phase 1. Therefore, the key load instruction in the first phase of a cache side-channel attack manifests as a single load instruction in the processor pipeline repeatedly evicting multiple cache sets, frequently causing cache misses.
[0053] Step 2: If the attack detection module in Step 1 detects abnormal behavior in the program, then the observation and obfuscation module is activated; otherwise, the program continues to be monitored.
[0054] The attack detection module maintains the following hardware structure:
[0055] 1) lastPc: Used to record the PC value of the load instruction that triggered the next level cache (L2 cache) request. When the newly received PC value of the module is different from lastPc, all hardware structures of this module are initialized.
[0056] 2) `setAcquireBuffer`: M entries (M = L1_SetNums, where L1_SetNums is the number of L1 cache sets), each entry containing 1 valid bit and 4 acquireCnts bits. A valid bit of 1 indicates that the value recorded in the entry is valid; otherwise it is invalid. `acquireCnts` is a four-bit saturating counter that records, for the corresponding cache set, how many times next-level cache requests caused by the same load instruction have targeted that set.
[0057] 3) dangerDegree: dangerDegree indicates the likelihood of a cache side-channel attack. Its value is equal to the number of entries in setAcquireBuffer where acquireCnts is greater than Y (Y = 2 * L1_WAYS, where L1_WAYS is the number of ways in the L1 cache).
[0059] 4) AAMThreshold: Stores the set threshold. When dangerDegree exceeds this threshold, the load is considered to be a critical load specified in attack phase 1, and a program danger signal is sent to the observation and obfuscation module. The value in this register is not reset when lastPc changes.
[0060] To avoid disrupting benign processes, the Phase 1 awareness module only tracks the loads that initiate next-level cache requests, not all loads that cause cache misses. The number of requests each cache set receives from the same load instruction is counted in `setAcquireBuffer`, whose number of entries equals the number of cache sets. The `dangerDegree` register records the number of abnormal cache sets. When a cache set is requested more than 2 * L1_WAYS (8) times, it is considered abnormal, and the observation obfuscation module is activated to interfere with the third phase of the attack.
[0061] Step 3: The observation obfuscation module monitors the impact of the program's load instructions on the cache and determines whether there may be a load instruction used in the third stage of a cache side-channel attack.
[0062] During the probing phase, attackers need to scan the entire cache set to determine the specific cache lines used by the victim during execution, thereby inferring the secret character. This is typically accomplished using a for loop. However, sequentially accessing the entire cache set could trigger the prefetcher, increasing the difficulty of observation. To avoid the prefetcher's influence on the attack, most implementations currently employ chained access techniques to disrupt the scanning of the cache set.
[0063] To address this issue, this invention proposes an observation obfuscator. Even when an attacker deliberately suppresses the prefetcher, it can still promptly identify the detection range and trigger the prefetcher under certain conditions, bringing back memory lines that the attacker might detect to the cache. It's worth noting that, unlike the memory access patterns in Phase 1, normal programs often disrupt the number of accesses to a particular memory space. To minimize the impact on benign programs, the results of the Phase 1 detector are used as a prerequisite for the Phase 3 detector. In other words, the Phase 3 detector only activates when the Phase 1 detector detects an anomaly, which aligns with the attack logic.
[0064] The components of the observation obfuscation module are shown in the attached Figure 3; it mainly includes the following hardware structures:
[0065] 1) lastPc: Used to record the PC value of the load instruction that triggered the next level cache (L2 cache) request. When the newly received PC value of the module is different from lastPc, all hardware structures of this module are initialized.
[0066] 2) lowBoundary: Records the lowest memory address among the addresses requested by the current load instruction from the L2 Cache. Its initial value is 0xffff_ffff.
[0067] 3) highBoundary: Records the highest memory address requested by the current load instruction from the L2 Cache. Initialized value is 0x0.
[0068] 4) setAccess: an M-bit register (M = L1_SetNums). The cache set that will be refilled into the L1 Cache is computed from the address the load instruction requests from the L2 Cache, and the corresponding bit is set to 1. Its initial value is 0.
[0069] 5) FOMTHReshold: When the number of 1s in setAccess exceeds FOMTHReshold, the load instruction is determined to be a critical load instruction in the third stage of the attack. Multiple prefetches are then triggered based on setAccess and the pseudo-random prefetch algorithm.
[0070] The address boundary registers record the minimum and maximum memory addresses accessed by the current load instruction; the 64-bit cache set access register records which cache sets the load instruction accessed and missed in. When the phase 1 detector has detected an anomaly and the number of misses caused by the load instruction reaches the threshold FOMTHReshold, a prefetch is triggered. The prefetched address is pseudo-random, guaranteed to lie within the address boundary range, and placed in a cache set not accessed by the load instruction.
[0071] Step 4: The obfuscation module records and predicts the memory addresses that the attacker probes in the third phase, and stores the predicted memory addresses in the prefetch queue;
[0072] The prefetched address is pseudo-random and guaranteed to be within the address boundary range, and will be placed in a cache set not accessed by the load instruction. The pseudo-random prefetch algorithm proposed in this invention mainly includes the following steps:
[0073] 1) A four-bit saturating counter cnt that increments with each clock cycle and cycles within the range [0, 16);
[0074] 2) Split setAccess into four parts: [0, M/4), [M/4, M/2), [M/2, 3M/4), [3M/4, M);
[0075] 3) The low two bits cnt[0,1] select which part of setAccess to use, and the high two bits cnt[2,3] select, within that part, the cnt[2,3]-th bit whose value is 0. The index of that bit is a cache set the load instruction has not yet touched, so the prefetch target is chosen pseudo-randomly among untouched sets; this index is denoted prefetchIdx;
[0076] 4) Finally, the addresses within [lowBoundary, highBoundary] that map to cache set prefetchIdx are pushed into the prefetch queue of the processor's data prefetcher.
[0077] Step 5: The processor data prefetcher issues prefetch requests according to the first-in, first-out (FIFO) principle. The addresses hit in the cache during the attacker's third phase are not necessarily caused by the execution of the victim program, but rather by prefetch requests from the obfuscation module.
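The five steps above, as a software model added here for illustration (this is not the patent's RTL or SonicBoom code; it also covers the pseudo-random prefetch algorithm of paragraphs [0026] to [0030] and [0072] to [0076]). Assumed for the model: L1_WAYS = 4, a 64-byte line, AAMThreshold = FOMTHReshold = 16, one cnt tick per L2 request, a latched phase-1 danger signal, and wrap-around when a quarter of setAccess has fewer zero bits than cnt[2,3]; only M = 64 and Y = 2 * L1_WAYS come from the text.

```python
# Software model of the Aware+Fuzz flow (steps 1-5). Added example, not the
# patent's RTL; values marked "assumed" are illustrative choices.
from collections import deque

L1_SETS = 64            # M = L1_SetNums (the text mentions a 64-bit setAccess register)
L1_WAYS = 4             # assumed; Y = 2 * L1_WAYS = 8 matches the "(8)" in paragraph [0060]
Y = 2 * L1_WAYS
LINE_BYTES = 64         # assumed L1 line size
AAM_THRESHOLD = 16      # assumed AAMThreshold
FOM_THRESHOLD = 16      # assumed FOMTHReshold
CNT_MAX = 16            # four-bit counter cnt cycles within [0, 16)


def cache_set(addr):
    """Set index of a byte address: line number modulo the number of sets."""
    return (addr // LINE_BYTES) % L1_SETS


class AttackAwarenessModule:
    """Steps 1-2: lastPc, setAcquireBuffer (valid bit + 4-bit acquireCnts), dangerDegree."""

    def __init__(self, threshold=AAM_THRESHOLD):
        self.threshold = threshold      # AAMThreshold: survives lastPc changes
        self.last_pc = None
        self.reset()

    def reset(self):
        self.valid = [False] * L1_SETS
        self.acquire_cnts = [0] * L1_SETS

    def danger_degree(self):
        return sum(1 for v, c in zip(self.valid, self.acquire_cnts) if v and c > Y)

    def on_l2_request(self, pc, addr):
        """Called for every load that misses L1 and requests the L2 cache; returns the danger signal."""
        if pc != self.last_pc:          # a new load PC starts a fresh observation
            self.reset()
            self.last_pc = pc
        s = cache_set(addr)
        self.valid[s] = True
        self.acquire_cnts[s] = min(self.acquire_cnts[s] + 1, 15)   # 4-bit saturating counter
        return self.danger_degree() > self.threshold


class FuzzObservationModule:
    """Steps 3-4: lowBoundary/highBoundary, setAccess and the pseudo-random prefetch choice."""

    def __init__(self, threshold=FOM_THRESHOLD):
        self.threshold = threshold
        self.last_pc = None
        self.cnt = 0                    # free-running four-bit cyclic counter
        self.reset()

    def reset(self):
        self.low = 0xFFFF_FFFF
        self.high = 0x0
        self.set_access = 0             # M-bit register, one bit per L1 set

    def prefetch_idx(self):
        """cnt[0,1] picks a quarter of setAccess; cnt[2,3] picks the k-th zero bit inside it."""
        part, k = self.cnt & 0b11, self.cnt >> 2
        q = L1_SETS // 4
        zeros = [i for i in range(part * q, (part + 1) * q) if not (self.set_access >> i) & 1]
        if not zeros:                   # every set of this quarter was already touched
            return None
        return zeros[k % len(zeros)]    # assumed: wrap around when the quarter has fewer zeros than k

    def addresses_for_set(self, idx):
        """All line addresses in [lowBoundary, highBoundary] that map to cache set idx."""
        first, last = self.low // LINE_BYTES, self.high // LINE_BYTES
        return [ln * LINE_BYTES for ln in range(first, last + 1) if ln % L1_SETS == idx]

    def on_l2_request(self, pc, addr):
        """Returns the addresses to push into the prefetch queue for this request (may be empty)."""
        if pc != self.last_pc:
            self.reset()
            self.last_pc = pc
        self.low, self.high = min(self.low, addr), max(self.high, addr)
        self.set_access |= 1 << cache_set(addr)
        prefetches = []
        if bin(self.set_access).count("1") > self.threshold:   # phase-3 key load detected
            idx = self.prefetch_idx()
            if idx is not None:
                prefetches = self.addresses_for_set(idx)
        self.cnt = (self.cnt + 1) % CNT_MAX   # assumed: one tick per L2 request
        return prefetches


def run_aware_fuzz(l2_requests):
    """Feeds (pc, addr) L2 requests through both modules; returns the FIFO prefetch queue."""
    aam, fom, queue = AttackAwarenessModule(), FuzzObservationModule(), deque()
    program_danger = False              # assumed: the phase-1 danger signal is latched
    for pc, addr in l2_requests:
        program_danger |= aam.on_l2_request(pc, addr)
        if program_danger:              # FOM only runs once phase 1 raised the alarm (step 2)
            queue.extend(fom.on_l2_request(pc, addr))
    return list(queue)                  # step 5: issued in first-in, first-out order


def constructed_trace():
    """Constructed sample: a phase-1 eviction loop (one PC, all 64 sets, 9 passes),
    then a phase-3 chained probe over 24 lines of a 4 KiB array in scrambled order."""
    evict = [(0x1000, 0x2000_0000 + s * LINE_BYTES) for _ in range(9) for s in range(L1_SETS)]
    probe = [(0x2000, 0x1000_0000 + ((i * 37) % 64) * LINE_BYTES) for i in range(24)]
    return evict + probe
```

Running run_aware_fuzz(constructed_trace()) yields eight prefetches, each landing in a set the probe loop never touched and inside [lowBoundary, highBoundary], which is exactly the extra-hit pattern that spoils the phase-3 measurement.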
[0078] The detection module could be implemented as part of the prefetcher, but to avoid altering the original Boom structure and for decoupling purposes, a separate module is chosen. When the attack detection module detects a potential cache side-channel attack, the observation and obfuscation module issues a mandatory prefetch request. The prefetched data disrupts the attacker's assessment of the victim program's memory usage, significantly reducing the attacker's success rate and improving the processor system's security performance.
[0079] The following are the experimental results:
[0080] The security of the Aware+Fuzz scheme was verified by testing the Spectre series of attack programs. Figure 4 shows the attacker's access cycle counts for the auxiliary array in phase three of one attack round. The dashed line in the graph is the cache hit/miss threshold, which is 55 cycles in SonicBoom. Without protection, as shown in the upper part of Figure 4, a cache hit occurs only when i is 115, so the attacker can easily deduce that the secret character is 's'. After deploying Aware+Fuzz, the observation obfuscation module is enabled; it learns the attacker's access pattern and triggers prefetching, so the data the attacker is about to access is loaded into the cache in advance and multiple cache hits appear, as shown in the lower part of Figure 4. At this point it is difficult for the attacker to determine the value of the secret character accurately.
[0081] To further illustrate the security of Aware+Fuzz, SpectreV1, V2, V4, and V5 attacks were reproduced on BoomV3. Ten rounds of attacks were performed on the same secret character, and the results of each round were recorded. Finally, the value of a single secret character was derived based on the results of these ten rounds. During the experiment, the secret string length was set to 30 characters, including uppercase and lowercase letters and special characters. Five control groups were included.
[0082] 1) noP-inorder (NI): Does not include a prefetcher; attackers access memory sequentially during the observation phase.
[0083] 2) SP-inorder (SI): Stride Prefetcher, where the attacker sequentially accesses memory during the observation phase.
[0084] 3) SP-OoO(SO): Stride prefetcher, allowing attackers to access memory out of order during the observation phase. No security measures are in place.
[0085] 4) Aware+Fuzz(NI): The core has no prefetcher, but it is configured with the security method of this invention, allowing attackers to access memory sequentially during the observation phase.
[0086] 5) Aware+Fuzz(SO): The core is equipped with a stride prefetcher and configured with the security method of this invention, allowing attackers to access memory out of order during the observation phase.
[0087] Figure 5 shows the impact of hardware data prefetchers on cache side-channel attacks and the security performance of the Aware+Fuzz scheme. Without hardware prefetching (noP-inorder), attackers probe memory sequentially, and the success rate of all four attack methods is 100%. When a stride prefetcher is configured (SP-inorder), the attacker's sequential access pattern triggers the prefetcher, significantly reducing the attack's accuracy; SpectreV5's accuracy is only 6.6%, making it almost impossible to recover the secret string. As attacks evolve, attackers often employ the chained access technique to disrupt access patterns, greatly suppressing the impact of data prefetchers. The SP-OoO results in Figure 5 show that, with this technique, attackers can execute cache side-channel attacks with a near 100% success rate even on architectures equipped with data prefetching. Experiments with Aware+Fuzz-NI show that the success rate of all four attack types drops to 0, because the observation obfuscation module easily learns the attacker's sequential access pattern and triggers more timely and effective prefetches. The Aware+Fuzz-SO results in Figure 5 show that, with the security method of this invention configured, even an attacker who tries to suppress the influence of the prefetcher finds it difficult to escape detection by the attack awareness module, which enables the observation obfuscation module to trigger prefetches in phase three as appropriate. The accuracy of SpectreV1 is reduced to 0, and in the worst case, against SpectreV5, the accuracy is still reduced to 13.3%.
[0088] It should be noted that any process or method description in the flowchart or otherwise described herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing a particular logical function or process, and the scope of the preferred embodiments of the invention includes additional implementations in which functions may be performed not in the order shown or discussed, including in substantially the same manner or in the reverse order of the functions involved, as should be understood by those skilled in the art to which the embodiments of the patent pertain.
[0089] In the description of this specification, references to terms such as "one embodiment," "some embodiments," "example," "specific example," or "some examples" indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.
[0090] Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the invention. Those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from the principles and spirit of the invention.
Claims
1. A processor data prefetching security enhancement method to mitigate cache side-channel attacks, characterized in that the method includes the following steps: Step 1: The Aware Attack Module (AAM) determines whether there is any key load instruction that could be used in the first phase of a cache side-channel attack. Step 2: If the attack detection module detects abnormal behavior in the program in Step 1, then the Fuzz Observation Module (FOM) is enabled; otherwise, the program continues to be monitored. Step 3: The observation obfuscation module monitors the impact of the program's load instructions on the cache and determines whether there may be a load instruction used in the third stage of the cache side-channel attack; Step 4: The obfuscation module records and predicts the memory addresses probed by the attacker in the third stage. The predicted addresses are pseudo-randomized within the memory address range accessed by the attacker and stored in the prefetch queue of the processor data prefetcher. Step 5: The processor data prefetcher issues prefetch requests according to the first-in-first-out principle. An address hit in the cache during the attacker's third phase is not necessarily caused by the execution of the victim program, but may come from a prefetch request of the observation obfuscation module. The processor data prefetcher includes a next-line data prefetcher or a stride-based data prefetcher; in step 2, the key load instruction in the first stage of the cache side-channel attack refers to the following: a certain load instruction in the processor pipeline evicts multiple cache sets multiple times, frequently causing cache misses. The attack detection module maintains the following hardware structure: 1) lastPc: Used to record the PC value of the load instruction that triggered the next-level L2 cache request. When the newly received PC value of the module is different from lastPc, all hardware structures of this module are initialized. 2) `setAcquireBuffer`: M entries, M = `L1_SetNums`, where `L1_SetNums` is the number of cache sets in the L1 Cache. Each entry contains 1 valid bit and 4 `acquireCnts` bits. A valid bit value of 1 indicates that the value recorded in the entry is valid; otherwise, it is invalid. `acquireCnts` is a four-bit saturating counter that records, for the corresponding cache set, how many times next-level cache requests caused by the same load instruction have targeted that set. 3) dangerDegree: dangerDegree indicates the likelihood of a cache side-channel attack. Its value is equal to the number of entries in setAcquireBuffer where acquireCnts is greater than Y, where Y = 2 * L1_WAYS, and L1_WAYS is the number of ways in the L1 cache. 4) AAMThreshold: Stores the set threshold. When dangerDegree exceeds this threshold, the load instruction is considered a critical load instruction in attack phase 1, and a program danger signal is sent to the observation and obfuscation module. The value in the register is not reset when lastPc changes.
2. The processor data prefetching security enhancement method for mitigating cache side-channel attacks according to claim 1, characterized in that, in a side-channel attack, the attacker's and victim's programs run on the same processor core and share hardware resources such as the branch predictor, cache, and data prefetcher.
3. The processor data prefetching security enhancement method for mitigating cache side-channel attacks according to claim 1, characterized in that, in step 3, if a certain load instruction in the processor pipeline accesses a certain memory region irregularly in an attempt to suppress the prefetcher, and ultimately causes multiple missing cache sets within a certain period of time, then this load instruction is the key load instruction in the third stage of the cache side-channel attack.
4. The processor data prefetching security enhancement method for mitigating cache side-channel attacks according to claim 3, characterized in that, in step 4, the observation obfuscation module includes the following hardware structure: 1) lastPc: Used to record the PC value of the load instruction that triggered the next-level L2 cache request. When the newly received PC value of the module is different from lastPc, all hardware structures of this module are initialized. 2) lowBoundary: Records the lowest memory address among the addresses requested by the current load instruction from the L2 Cache. Its initial value is 0xffff_ffff. 3) highBoundary: Records the highest memory address requested by the current load instruction from the L2 Cache. Its initial value is 0x0. 4) setAccess: M-bit register, M = L1_SetNums. The cache set to be refilled into the L1 Cache is computed from the address the load instruction requests from the L2 Cache, and the corresponding bit is set to 1. Its initial value is 0. 5) FOMTHReshold: When the number of 1s in setAccess exceeds FOMTHReshold, the load instruction is determined to be the critical load instruction in the third stage of the attack, and multiple prefetches are triggered based on setAccess and the pseudo-random prefetch algorithm.
5. The processor data prefetching security enhancement method for mitigating cache side-channel attacks according to claim 4, characterized in that the main steps of the pseudo-random prefetch algorithm are as follows: 1) A four-bit saturating counter cnt that increments with each clock cycle and cycles within the range [0, 16); 2) Split setAccess into four parts: [0, M/4), [M/4, M/2), [M/2, 3M/4), [3M/4, M); 3) The low two bits cnt[0,1] select which part of setAccess to use, and the high two bits cnt[2,3] select, within that part, the cnt[2,3]-th bit whose value is 0; its index is a cache set that the load instruction has not yet touched, chosen pseudo-randomly, and is denoted prefetchIdx; 4) Finally, the addresses within [lowBoundary, highBoundary] that map to cache set prefetchIdx are pushed into the prefetch queue.
6. The processor data prefetching security enhancement method for mitigating cache side-channel attacks according to claim 5, characterized in that the prefetched addresses are stored in the prefetch queue, and the prefetched addresses are requested from the storage hierarchy in first-in-first-out order.
7. The processor data prefetching security enhancement method for mitigating cache side-channel attacks according to claim 6, characterized in that the attack awareness module and the observation obfuscation module are integrated with the data prefetcher in the processor.