Skip to main content
SpringerLink
Log in

Preventing Denial-of-Service Attacks in Shared CMP Caches

  • Conference paper
Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4017))

Included in the following conference series:

Abstract

Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache “hungry” threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and “healthy” threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be “compressed” into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the “usefulness” of the cache real estate or assign custom space-allocation policies based on external QoS needs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Suh, G.E., Devadas, S., Rudolph, L.: A new memory monitoring scheme for memory-aware scheduling and partitioning. In: High-Performance Computer Architecture HPCA 2002 (2002)

    Google Scholar 

  2. Kim, S., Chandra, D., Solihin, Y.: Fair cache sharing and partitioning in a chip multiprocessor architecture. In: Parallel Architectures and Compilation Techniques, PACT 2004 (2004)

    Google Scholar 

  3. Chandra, D., Guo, F., Kim, S., Solihin, Y.: Predicting inter-thread cache contention on a chip multi-processor architecture. In: High-Performance Computer Architecture HPCA 2005 (2005)

    Google Scholar 

  4. Karlsson, M., Hagersten, E.: Timestamp-Based Selective Cache Allocation. In: Hadimiouglu, H., et al. (eds.) High Performance Memory Systems. Springer, Heidelberg (2003)

    Google Scholar 

  5. Berg, E., Zeffer, H., Hagersten, E.: A Statistical Multiprocessor Cache Model. In: International Symposium on Performance Analysis of Systems and Software (ISPASS-2006), USA (2006)

    Google Scholar 

  6. Berg, E., Hagersten, E.: Fast Data-Locality Profiling of Native Execution. In: ACM SIGMETRICS 2005, Canada (2005)

    Google Scholar 

  7. Kaxiras, S., Hu, Z., Martonosi, M.: Cache Decay: Exploiting Generational Behavior to Reduce Cache Leakage Power. In: International Symposium on Computer Architecture ISCA’28 (2001)

    Google Scholar 

  8. Kongetira, P., Aingaran, K., Olukutun, K.: Niagara: A 32-Way Multithreaded SPARC Processor. IEEE Micro (2005)

    Google Scholar 

  9. Krewell, K.: Power5 Tops on Bandwidth. Microprocessor Report (2003)

    Google Scholar 

  10. Krewell, K.: Double Your Opterons; Double Your Fun. Microprocessor Report (2004)

    Google Scholar 

  11. Hennessy, J., Patterson, D.: Computer Architecture: a Quantitative Approach, 2nd edn. Morgan-Kaufmann Publishers, Inc., San Francisco (1996)

    MATH  Google Scholar 

  12. Goncalves, R., Ayguade, E., Valero, M., Navaux, P.: A Simulator for SMT Architectures: Evaluating Instruction Cache Topologies. In: 12th Symposium on Computer Architecture and High Performance, SBAC-PAD 2000 (2000)

    Google Scholar 

  13. Mattson, R.L., Gecsei, J., Slutz, D.R., Traiger, I.L.: Evaluation techniques for storage hierarchies. IBM Systems Journal (1970)

    Google Scholar 

  14. CNN. ‘Immense’ network assault takes down Yahoo (2000), Available at http://www.cnn.com/2000/TECH/computing/02/08/yahoo.assault.idg/index.html

  15. Netscape. Leading Web sites under attack (2000), Available at http://technews.net-scape.com/news/0-1007-200-1545348.html

  16. Grunwald, D., Ghiasi, S.: Microarchitectural denial of service: insuring microarchitectural fairness. In: International Symposium on Microarchitecture MICRO-35 (2002)

    Google Scholar 

  17. Hasan, J., Jalote, A., Vijaykumar, T.N., Brodley, C.E.: Heat Stroke: Power-Density-Based Denial of Service in SMT. In: High Performance Computer Architecture HPCA 2005 (2005)

    Google Scholar 

  18. Techtarget.com. Technology terms: Denial of service, Available at http://whatis.techtarget.com/definition/0,289893,sid9gci213591,00.html

  19. Soderquist, P., Leeser, M.: Optimizing the Data Cache Performance of a Software MPEG-2 Video Decoder. In: ACM Multimedia 1997 - Electronic Proceedings (1997)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Patras, Patras, Greece

    Georgios Keramidas, Pavlos Petoumenos, Stefanos Kaxiras, Alexandros Antonopoulos & Dimitrios Serpanos

Authors
  1. Georgios Keramidas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pavlos Petoumenos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stefanos Kaxiras
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alexandros Antonopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dimitrios Serpanos
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Engineering Lab, TUDelft, Postbus 5031, 2600, Delft, GA, The Netherlands

    Stamatis Vassiliadis

  2. Computer Engineering, EEMCS, Delft University of Technology, Mekelweg 4, 2628, Delft, CD, The Netherlands

    Stephan Wong

  3. Department of Computer Systems, Tampere University of Technology, P.O. Box 553, FI-33101, Tampere, Finland

    Timo D. Hämäläinen

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Keramidas, G., Petoumenos, P., Kaxiras, S., Antonopoulos, A., Serpanos, D. (2006). Preventing Denial-of-Service Attacks in Shared CMP Caches. In: Vassiliadis, S., Wong, S., Hämäläinen, T.D. (eds) Embedded Computer Systems: Architectures, Modeling, and Simulation. SAMOS 2006. Lecture Notes in Computer Science, vol 4017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11796435_37

Download citation

  • DOI: https://doi.org/10.1007/11796435_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36410-8

  • Online ISBN: 978-3-540-36411-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation