Working with colleagues from Princeton University, NICTA and Intel, we show how to use Intel's Cache Allocation Technology (CAT) to protect against cache-based side-channel attacks.
CAT is a hardware cache-partitioning mechanism intended for enforcing quality of service with respect to cache occupancy: each class of service is restricted to allocating into a subset of the last-level cache's ways. However, because CAT supports only a small number of partitions, it cannot isolate every tenant from every other and so cannot be used directly to protect against side-channel attacks. Our solution, CATalyst, is a pseudo-locking mechanism that uses CAT to enforce cache residency of security-sensitive code and data: the pages are loaded into a small, dedicated partition that nothing else may allocate into and are never evicted, so an attacker cannot observe their cache footprint and cache-based attacks on this code are prevented.
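The following added example is not code from the CATalyst paper or from this project. Linux's resctrl interface exposes a cache pseudo-locking mode of the same kind: it carves a CAT partition out of the cache, loads a memory region into those ways, and stops other classes of service from allocating there. The script assumes an Intel machine with CAT, a kernel with resctrl pseudo-locking support, root, and a resctrl filesystem containing only the default group; the cache level (L3), cache id (0) and way counts are placeholders for the reader's machine, and the helper names (cat_cbm, cbm_is_contiguous, cbm_disjoint, cbm_complement, setup_pseudo_lock) are ours. Unlike CATalyst, where the hypervisor guarantees residency, the kernel mechanism is best effort and its documentation says so.

```shell
#!/bin/sh
# Added example, not code from the CATalyst paper or this project.
# Assumes: Linux on an Intel CPU with CAT, a kernel with resctrl cache
# pseudo-locking, root, and a resctrl filesystem holding only the default
# group. Cache level (L3), cache id (0) and way counts are placeholders.
set -eu

RESCTRL=${RESCTRL:-/sys/fs/resctrl}

# Capacity bitmask (CBM) covering n_ways ways starting at first_way.
cat_cbm() {
    first_way=$1; n_ways=$2
    printf '0x%x' $(( ((1 << n_ways) - 1) << first_way ))
}

# Intel CAT only accepts a CBM that is one contiguous, non-empty run of
# bits (and at least info/L3/min_cbm_bits of them); succeed if $1 qualifies.
cbm_is_contiguous() {
    m=$(( $1 ))
    [ "$m" -ne 0 ] || return 1
    while [ $(( m & 1 )) -eq 0 ]; do m=$(( m >> 1 )); done
    [ $(( m & (m + 1) )) -eq 0 ]
}

# Succeed if the two CBMs share no way. The locked region is only protected
# while no other class of service may allocate into its ways.
cbm_disjoint() {
    [ $(( $1 & $2 )) -eq 0 ]
}

# Ways that remain for everyone else once the secure partition is removed.
cbm_complement() {
    printf '0x%x' $(( $1 & ~$2 ))
}

# Carve a pseudo-locked region named "secure" out of cache $level, id $cache_id.
# Only meaningful on a resctrl-capable machine; not run by the tests.
setup_pseudo_lock() {
    level=$1; cache_id=$2; secure=$3
    cbm_is_contiguous "$secure" || { echo "bad CBM $secure" >&2; return 1; }
    [ -d "$RESCTRL/info" ] || mount -t resctrl resctrl "$RESCTRL"

    # Shrink the default group first so the secure ways are shared with
    # nothing else; resctrl rejects a pseudo-locked CBM that overlaps
    # another group's CBM.
    full="0x$(cat "$RESCTRL/info/$level/cbm_mask")"
    rest=$(cbm_complement "$full" "$secure")
    cbm_is_contiguous "$rest" || { echo "remaining CBM $rest not contiguous" >&2; return 1; }
    cbm_disjoint "$rest" "$secure" || return 1
    echo "$level:$cache_id=$rest" > "$RESCTRL/schemata"

    # Create the group, switch it to pseudo-locksetup, then write the CBM.
    # On success the kernel loads the region into those ways and flips the
    # mode to "pseudo-locked"; the region is exposed as a character device.
    mkdir -p "$RESCTRL/secure"
    echo pseudo-locksetup > "$RESCTRL/secure/mode"
    echo "$level:$cache_id=$secure" > "$RESCTRL/secure/schemata"
    [ "$(cat "$RESCTRL/secure/mode")" = pseudo-locked ] || return 1

    # A process mmap()s this device to obtain memory backed by the locked
    # ways; security-sensitive code and data copied there stay cache-resident.
    echo "/dev/pseudo_lock/secure"
}

# Run as "sh cat_lock.sh setup" on a suitable machine; with no argument the
# script only defines the helpers.
if [ "${1:-}" = setup ]; then
    setup_pseudo_lock L3 0 "$(cat_cbm 0 2)"
fi
```

The checks matter more than the writes: a non-contiguous CBM is rejected by the hardware, and a secure partition that overlaps another group's ways gives no protection at all, because that group can still evict the pinned lines.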
F. Liu, Q. Ge, Y. Yarom, F. McKeen, C. Rozas, G. Heiser, R. B. Lee, CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing, HPCA 2016, Barcelona, Spain, March 2016.