Abstract
Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache “hungry” threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and “healthy” threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be “compressed” into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the “usefulness” of the cache real estate or assign custom space-allocation policies based on external QoS needs.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Suh, G.E., Devadas, S., Rudolph, L.: A new memory monitoring scheme for memory-aware scheduling and partitioning. In: High-Performance Computer Architecture HPCA 2002 (2002)
Kim, S., Chandra, D., Solihin, Y.: Fair cache sharing and partitioning in a chip multiprocessor architecture. In: Parallel Architectures and Compilation Techniques, PACT 2004 (2004)
Chandra, D., Guo, F., Kim, S., Solihin, Y.: Predicting inter-thread cache contention on a chip multi-processor architecture. In: High-Performance Computer Architecture HPCA 2005 (2005)
Karlsson, M., Hagersten, E.: Timestamp-Based Selective Cache Allocation. In: Hadimiouglu, H., et al. (eds.) High Performance Memory Systems. Springer, Heidelberg (2003)
Berg, E., Zeffer, H., Hagersten, E.: A Statistical Multiprocessor Cache Model. In: International Symposium on Performance Analysis of Systems and Software (ISPASS-2006), USA (2006)
Berg, E., Hagersten, E.: Fast Data-Locality Profiling of Native Execution. In: ACM SIGMETRICS 2005, Canada (2005)
Kaxiras, S., Hu, Z., Martonosi, M.: Cache Decay: Exploiting Generational Behavior to Reduce Cache Leakage Power. In: International Symposium on Computer Architecture ISCA’28 (2001)
Kongetira, P., Aingaran, K., Olukutun, K.: Niagara: A 32-Way Multithreaded SPARC Processor. IEEE Micro (2005)
Krewell, K.: Power5 Tops on Bandwidth. Microprocessor Report (2003)
Krewell, K.: Double Your Opterons; Double Your Fun. Microprocessor Report (2004)
Hennessy, J., Patterson, D.: Computer Architecture: a Quantitative Approach, 2nd edn. Morgan-Kaufmann Publishers, Inc., San Francisco (1996)
Goncalves, R., Ayguade, E., Valero, M., Navaux, P.: A Simulator for SMT Architectures: Evaluating Instruction Cache Topologies. In: 12th Symposium on Computer Architecture and High Performance, SBAC-PAD 2000 (2000)
Mattson, R.L., Gecsei, J., Slutz, D.R., Traiger, I.L.: Evaluation techniques for storage hierarchies. IBM Systems Journal (1970)
CNN. ‘Immense’ network assault takes down Yahoo (2000), Available at http://www.cnn.com/2000/TECH/computing/02/08/yahoo.assault.idg/index.html
Netscape. Leading Web sites under attack (2000), Available at http://technews.net-scape.com/news/0-1007-200-1545348.html
Grunwald, D., Ghiasi, S.: Microarchitectural denial of service: insuring microarchitectural fairness. In: International Symposium on Microarchitecture MICRO-35 (2002)
Hasan, J., Jalote, A., Vijaykumar, T.N., Brodley, C.E.: Heat Stroke: Power-Density-Based Denial of Service in SMT. In: High Performance Computer Architecture HPCA 2005 (2005)
Techtarget.com. Technology terms: Denial of service, Available at http://whatis.techtarget.com/definition/0,289893,sid9gci213591,00.html
Soderquist, P., Leeser, M.: Optimizing the Data Cache Performance of a Software MPEG-2 Video Decoder. In: ACM Multimedia 1997 - Electronic Proceedings (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Keramidas, G., Petoumenos, P., Kaxiras, S., Antonopoulos, A., Serpanos, D. (2006). Preventing Denial-of-Service Attacks in Shared CMP Caches. In: Vassiliadis, S., Wong, S., Hämäläinen, T.D. (eds) Embedded Computer Systems: Architectures, Modeling, and Simulation. SAMOS 2006. Lecture Notes in Computer Science, vol 4017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11796435_37
Download citation
DOI: https://doi.org/10.1007/11796435_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36410-8
Online ISBN: 978-3-540-36411-5
eBook Packages: Computer ScienceComputer Science (R0)