Efficient Protection Mechanism for CPU Cache Flush Instruction Based Attacks

CPU flush instruction-based cache side-channel attacks (cache instruction attacks) target a wide range of machines. For instance, Meltdown / Spectre combined with FLUSH+RELOAD gain read access to arbitrary data in operating system kernel and user processes, which work on cloud virtual machines, laptops, desktops, mobile devices. Additionally, fault injection use cache. Rowhammer, is attack that attempts obtain write physical memory, affects machines have DDR3. To protect against existing attacks, various mechanisms been proposed modify hardware software aspects; however, when latest are disclosed, these cannot prevent these. Moreover, additional countermeasure requires long time for the designing developing process. This paper proposes novel mechanism termed FlushBlocker all types mitigate employ vulnerability until releasing countermeasures. employs an approach restricts issuing instructions lead failure by limiting control demonstrate effectiveness this study, was implemented Linux kernel, its security performance were evaluated. Results show successfully prevents (e.g., Meltdown, Spectre, Rowhammer), overhead zero, it transparent real-world applications.