ByteByteGo Newsletter

Share this post

Cache miss attack

blog.bytebytego.com

Cache miss attack

Alex Xu
Mar 9, 2022
21
2
Share this post

Cache miss attack

blog.bytebytego.com

Caching is awesome but it doesn’t come without a cost, just like many things in life.

One of the issues is π‚πšπœπ‘πž 𝐌𝐒𝐬𝐬 π€π­π­πšπœπ€. Please correct me if this is not the right term. It refers to the scenario where data to fetch doesn't exist in the database and the data isn’t cached either. So every request hits the database eventually, defeating the purpose of using a cache. If a malicious user initiates lots of queries with such keys, the database can easily be overloaded.

The diagram below illustrates the process.

Two approaches are commonly used to solve this problem:

πŸ”ΉCache keys with null value. Set a short TTL (Time to Live) for keys with null value.

πŸ”ΉUsing Bloom filter. A Bloom filter is a data structure that can rapidly tell us whether an element is present in a set or not. If the key exists, the request first goes to the cache and then queries the database if needed. If the key doesn't exist in the data set, it means the key doesn’t exist in the cache/database. In this case, the query will not hit the cache or database layer.


If you enjoyed this post, you might like our system design interview books as well.

SDI-vol1: https://amzn.to/3tK0qQn

SDI-vol2: https://amzn.to/37ZisW9

2
Share this post

Cache miss attack

blog.bytebytego.com
2 Comments
Manh Phan
Apr 24, 2022

Sometimes, I see it can be called caching penetration.

Expand full comment
ReplyCollapse
Qingsong Yao
Oct 17, 2022

If hacker are using randomly generated key, cache with null value will still have the same issue.

Expand full comment
ReplyCollapse
TopNewCommunity

No posts

Ready for more?

Β© 2023 ByteByteGo
Privacy βˆ™ Terms βˆ™ Collection notice
Start WritingGet the app
SubstackΒ is the home for great writing