TY - JOUR
T1 - Dynamic soft isolation and restricted eviction for cache side channel attack defense
AU - Lu, Chuan
AU - Luo, Senlin
AU - Pan, Limin
N1 - Publisher Copyright: © 2025 Elsevier Ltd
PY - 2026/2
Y1 - 2026/2
N2 - Cache side channel attacks seriously threaten microarchitectural security. A key challenge in mitigating such attacks lies in analyzing behavioral characteristics and intentions at different stages. Existing methods utilize static isolation domains to prevent data eviction between attackers and victims. The number of isolation domains is constrained by cache size, making protection insufficient when the number of protected processes exceeds this limit. Moreover, the capacity and location of isolation domains cannot be dynamically adjusted according to process demand, leading to either underutilized cache lines or excessive evictions, both of which degrade performance. Therefore, Dynamic Soft Isolation and Restricted Eviction for Cache Side Channel Attack Defense (DSI-RE) is proposed. DSI-RE introduces a dynamic soft isolation method with flexible isolation boundaries, which uses domain labels to dynamically adjust the number, capacity and location of isolation domains based on process demands, enhancing cache utilization and operational efficiency. Additionally, an intent-aware restricted eviction method is proposed, which detects attack behavior across the different attack stages and imposes different restrictions on the replacement algorithm to prevent sensitive evictions. Extensive experimental results show that DSI-RE outperforms state-of-the-art methods. The novelty of the proposed method is that it identifies the key behavioral intent during an attack and blocks the attack by introducing minor restrictions in the attack process.
KW - Cache partitioning
KW - Cache side channel attack defense
KW - Dynamic soft isolation
KW - Microarchitecture
KW - Restricted eviction
UR - https://www.scopus.com/pages/publications/105021848771
U2 - 10.1016/j.cose.2025.104753
DO - 10.1016/j.cose.2025.104753
M3 - Article
AN - SCOPUS:105021848771
SN - 0167-4048
VL - 161
JO - Computers and Security
JF - Computers and Security
M1 - 104753
ER -