From Entropy to Leakage: A Unified Methodology for Security Evaluation of Caches

By Pratik Shrestha, Achim D. Brucker, and M. Khurram Bhatti.

Cache Side-Channel Attacks (CSCAs) can leak sensitive information by exploiting shared cache resources. Although many secure cache designs like CEASER, Scatter-Cache, PhantomCache, MIRAGE, and IECache have been proposed, the security evaluation methods being used by these designs remain diverse, often inconsistent, and scattered. This inconsistency makes it challenging to compare the security strengths of the state-of-the-art cache designs for security-critical applications. To address this challenge, we propose a novel consistent security evaluation methodology, called the UniSEC (Unified methodology for Security Evaluation of Caches), which estimates Worst-Case Leakage (WCL) and provides a consistent, comprehensive, and realistic measure of potential information leakage that various cache designs exhibit. UniSEC empirically shows that WCL estimation maximizes the revelation of potential information leakage that Relative Eviction Entropy (REE) based method fails to capture. UniSEC introduces an Effective Security Score (ESS) that takes into account Active Attackers Cache Lines (AACLs) within an attackers eviction set and the uniformity of the eviction distribution across the AACLs to measure the worst-case leakage. Our results show that well-distributed eviction probabilities across attackers eviction set lead to higher ESS and overall entropy. We carry out experiments to measure WCL, REE, and ESS in six state-of-the-art secure cache designs and vary associativity and cache sizes to measure the impact on information leakage. Our experiments reveal that security-critical applications cannot rely on the security guarantees being provided by REE alone. Therefore, WCL is a more realistic metric for measuring the actual amount of information leakage in caches.

Keywords:

Please cite this work as follows:
P. Shrestha, A. D. Brucker, and M. K. Bhatti, “From entropy to leakage: A unified methodology for security evaluation of caches,” in Design, automation & test in europe conference (DATE), IEEE, 2026.

BibTeX
@InCollection{ shrestha.ea:secure-cache-evaluation:2026,
  keywords  = {},
  location  = {},
  author    = {Pratik Shrestha and Achim D. Brucker and M. Khurram Bhatti},
  booktitle = {Design, Automation \& Test in Europe Conference (DATE)},
  language  = {USenglish},
  publisher = {{IEEE}},
  address   = {},
  series    = {},
  number    = {},
  editor    = {},
  title     = {From Entropy to Leakage: A Unified Methodology for Security
               Evaluation of Caches},
  areas     = {hardware, security},
  year      = {2026},
  month     = {apr},
  doi       = {},
  pages     = {},
  isbn      = {},
  abstract  = {Cache Side-Channel Attacks (CSCAs) can leak sensitive
               information by exploiting shared cache resources. Although
               many secure cache designs like CEASER, Scatter-Cache,
               PhantomCache, MIRAGE, and IECache have been proposed, the
               security evaluation methods being used by these designs remain
               diverse, often inconsistent, and scattered. This inconsistency
               makes it challenging to compare the security strengths of the
               state-of-the-art cache designs for security-critical
               applications. To address this challenge, we propose a novel
               consistent security evaluation methodology, called the UniSEC
               (Unified methodology for Security Evaluation of Caches), which
               estimates Worst-Case Leakage (WCL) and provides a consistent,
               comprehensive, and realistic measure of potential information
               leakage that various cache designs exhibit. UniSEC empirically
               shows that WCL estimation maximizes the revelation of
               potential information leakage that Relative Eviction Entropy
               (REE) based method fails to capture. UniSEC introduces an
               Effective Security Score (ESS) that takes into account Active
               Attackers Cache Lines (AACLs) within an attackers
               eviction set and the uniformity of the eviction distribution
               across the AACLs to measure the worst-case leakage. Our
               results show that well-distributed eviction probabilities
               across attackers eviction set lead to higher ESS and
               overall entropy. We carry out experiments to measure WCL, REE,
               and ESS in six state-of-the-art secure cache designs and vary
               associativity and cache sizes to measure the impact on
               information leakage. Our experiments reveal that
               security-critical applications cannot rely on the security
               guarantees being provided by REE alone. Therefore, WCL is a
               more realistic metric for measuring the actual amount of
               information leakage in caches.},
}