"Exploring the Translation Lookaside Buffer (TLB) for Low-Level Task Di" by Cristian Agredo, Daniel F. Koranek et al. 10.1109/ACCESS.2025.3583115">
 

Document Type

Article

Publication Date

6-25-2025

Abstract

The primary focus of modern Central Processing Unit (CPU) technologies is performance improvement, with security often considered a secondary concern. As a result, vulnerabilities within the system are overlooked. While significant research, both offensive and defensive, has been conducted on CPU caches, relatively little attention has been given to the Translation Lookaside Buffer (TLB) due to its perceived lack of data granularity. Prior studies have typically combined multiple Hardware Performance Counters (HPCs) or relied on timing analysis to extract meaningful insights. In contrast, this study introduces a novel methodology that leverages only TLB related HPCs for multi-task classification, without incorporating data from other microarchitectural components such as caches or branch predictors, and without relying on timing memory accesses. In the proposed methodology, an attacker uses HPCs to collect TLB based data while a victim executes tasks. We demonstrate that statistical learning models, including Random Forest (RF) and Logistic Regression (LR), achieve classification accuracy of up to 87%, surpassing the next best TLB only method (based on timing analysis) by 11%. Furthermore, neural networks, such as Artificial Neural Network (ANN) and Convolution Neural Network (CNN), achieve 88% accuracy, improving prior TLB based approaches by 12%. These findings demonstrate the potential of TLB based methodologies for task classification, victim monitoring, and future security enhancements in microarchitectural design.

Comments

© 2025 The Authors.

This article is published by IEEE, licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

In accordance with the CC BY license, AFIT Scholar shares the final version of record as sourced from IEEE.

Author note: Cristian Agredo was an AFIT PhD student at the time of this article's publication.

Source Publication

IEEE Access (eISSN 2169-3536)

Included in

Cybersecurity Commons

Share

COinS