Preventing denial-of-service attacks in shared CMP caches

Authors:
Georgios Keramidas;Pavlos Petoumenos;Stefanos Kaxiras;Alexandros Antonopoulos;Dimitrios Serpanos
Affiliations:
Department of Electrical and Computer Engineering, University of Patras, Patras, Greece;Department of Electrical and Computer Engineering, University of Patras, Patras, Greece;Department of Electrical and Computer Engineering, University of Patras, Patras, Greece;Department of Electrical and Computer Engineering, University of Patras, Patras, Greece;Department of Electrical and Computer Engineering, University of Patras, Patras, Greece
Venue:
SAMOS'06 Proceedings of the 6th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
Year:
2006

Citing 11
Cited 0

Optimizing the data cache performance of a software MPEG-2 video decoder

MULTIMEDIA '97 Proceedings of the fifth ACM international conference on Multimedia
Computer architecture (2nd ed.): a quantitative approach

Computer architecture (2nd ed.): a quantitative approach
Cache decay: exploiting generational behavior to reduce cache leakage power

ISCA '01 Proceedings of the 28th annual international symposium on Computer architecture
Microarchitectural denial of service: insuring microarchitectural fairness

Proceedings of the 35th annual ACM/IEEE international symposium on Microarchitecture
A New Memory Monitoring Scheme for Memory-Aware Scheduling and Partitioning

HPCA '02 Proceedings of the 8th International Symposium on High-Performance Computer Architecture
Fair Cache Sharing and Partitioning in a Chip Multiprocessor Architecture

Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques
Heat Stroke: Power-Density-Based Denial of Service in SMT

HPCA '05 Proceedings of the 11th International Symposium on High-Performance Computer Architecture
Predicting Inter-Thread Cache Contention on a Chip Multi-Processor Architecture

HPCA '05 Proceedings of the 11th International Symposium on High-Performance Computer Architecture
Fast data-locality profiling of native execution

SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Niagara: A 32-Way Multithreaded Sparc Processor

IEEE Micro
Evaluation techniques for storage hierarchies

IBM Systems Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache “hungry” threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and “healthy” threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be “compressed” into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the “usefulness” of the cache real estate or assign custom space-allocation policies based on external QoS needs.