Secure Caches for Compartmentalized Software

Kerem Arıkan

34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Crypto 3: Formal Methods and Private Computation

In the pursuit of more secure and robust software, the shift from monolithic applications to **compartmentalized software** has been a significant architectural evolution. This talk, presented by Kerem Arıkan from Binghamton University and UC Riverside, addresses a critical vulnerability that undermines the security benefits of compartmentalization: **CPU cache side-channel attacks**. While compartmentalization isolates code and data into distinct memory domains, the shared nature of CPU caches often provides an unintended communication channel between these isolated compartments, allowing malicious or buggy code to infer sensitive information.

AI review

Solid systems security research from USENIX that addresses a real, underserved problem: cache side-channels punching through compartmentalization boundaries that the MMU correctly enforces. The domain-oriented partitioning insight is genuinely clever — solving the coherence mess that code-oriented approaches create when compartments share data — and the ADR optimization shows the authors actually thought through hardware implementation constraints rather than just proposing something that would never ship.
