Patent attributes
During execution of an application that accesses a shared memory, a security component may, based on an indication from a performance monitor, determine that the application is carrying out a timing side-channel attack. The performance monitor may trigger an interrupt if a pre-determined number of cache line flushes is executed, after which the security component may inspect program instructions of the executing application to determine whether those instructions are likely being used in such an attack. In response to determining that an attack is under way, the security component may take action to mitigate or curtail the attack. The security component may modify the program instructions or page mapping of the executing application to make accesses to portions of the shared memory targeted by the cache line flushes predictable or consistent (e.g., by replacing the instructions with traps, removing them, or inserting instructions immediately before or after them).
