🤖 AI Summary
This work addresses the incompatibility between strict cache partitioning, which is effective against eviction-based side-channel attacks, and write-shared coherence, an incompatibility that has hindered deployment of partitioning in secure shared-OS settings. The authors propose SCP (Secure and Coherent Partitioning), a mechanism that partitions only the cache tags while keeping a single shared data pool, augmented with timing obfuscation and a policy that routes writes to shared-writeable lines through to the last-level cache (LLC). This reconciles strict eviction isolation with write-shared coherence. Timing obfuscation protects the inter-partition lookup path, and the write routing takes effect once a leakage threshold is crossed. Together these mitigate Prime+Probe, Flush+Reload, and a shared-writeable-line attack, with all three yielding results no better than random guessing. Implemented in gem5, SCP costs a modest +2.8% LLC SRAM and matches DAWG within 0.3% IPC on the evaluated SPEC CPU2017 benchmarks.
📝 Abstract
Cache partitioning is among the strongest structural defenses against eviction-based cache side channels, yet a decade-old design issue has blocked its widespread deployment in secure shared-OS settings. The issue is that write-shared coherence collapses under strict partitioning. We present SCP (Secure and Coherent Partitioning), which combines strict eviction isolation with write-shared coherence by partitioning only the tags, sharing a single data pool, and sizing the data pool so capacity-driven cross-partition eviction cannot occur. Timing obfuscation extends protections to the inter-partition lookup path. Coherence-based leakage on shared-writeable lines is mitigated by routing those writes through to the LLC once a leakage threshold is crossed, which makes attacker write probe latency independent of victim activity.
Implemented in gem5, SCP mitigates Prime+Probe and Flush+Reload, which are the basis for more sophisticated cache attacks. We also demonstrate that a shared-writeable-line attack is mitigated. All these attacks yield results no better than random guessing. SCP's hardware cost is a modest +2.8% LLC SRAM. Performance matches DAWG within 0.3% IPC on the SPEC CPU2017 benchmarks that we evaluated. Sharing-intensive microbenchmarks demonstrate a tunable security-performance tradeoff based on a system-specified leakage threshold.