Description
The growth of embedded systems takes advantage of architectural advances from modern processors to increase performance while maintaining a low power consumption. Among these advances is the introduction of cache memory into embedded systems. These memories speed up the memory accesses by temporarily storing data close to the execution core. Furthermore, data from different applications share the same hardware resources, so the execution of one application affects the others. These interactions between applications give rise to cache-based side-channel attacks. This threat takes advantage of memory accesses to extract secret data executed by cryptographic applications. These attacks are well known on modern processors and have led to countermeasures designed for modern processors. These solutions are either not feasible on embedded systems due to their requirements or result in high additional costs. In this context, we present a countermeasure based on a fine-grained partitioning, so that an application can dynamically lock its data into the cache. Once a data is locked, no application can infer information about the memory accesses made to it. It provides strong security guarantees for critical program sections while introducing a low performance overhead (<4%) through a new hardware/software contract.