Preventing Denial-of-Service Attacks in Shared CMP Caches

  • Georgios Keramidas
  • Pavlos Petoumenos
  • Stefanos Kaxiras
  • Alexandros Antonopoulos
  • Dimitrios Serpanos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4017)


Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache “hungry” threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and “healthy” threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be “compressed” into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the “usefulness” of the cache real estate or assign custom space-allocation policies based on external QoS needs.


Active Ratio Cache Size Cache Replacement Shared Cache Reuse Distance 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Suh, G.E., Devadas, S., Rudolph, L.: A new memory monitoring scheme for memory-aware scheduling and partitioning. In: High-Performance Computer Architecture HPCA 2002 (2002)Google Scholar
  2. 2.
    Kim, S., Chandra, D., Solihin, Y.: Fair cache sharing and partitioning in a chip multiprocessor architecture. In: Parallel Architectures and Compilation Techniques, PACT 2004 (2004)Google Scholar
  3. 3.
    Chandra, D., Guo, F., Kim, S., Solihin, Y.: Predicting inter-thread cache contention on a chip multi-processor architecture. In: High-Performance Computer Architecture HPCA 2005 (2005)Google Scholar
  4. 4.
    Karlsson, M., Hagersten, E.: Timestamp-Based Selective Cache Allocation. In: Hadimiouglu, H., et al. (eds.) High Performance Memory Systems. Springer, Heidelberg (2003)Google Scholar
  5. 5.
    Berg, E., Zeffer, H., Hagersten, E.: A Statistical Multiprocessor Cache Model. In: International Symposium on Performance Analysis of Systems and Software (ISPASS-2006), USA (2006)Google Scholar
  6. 6.
    Berg, E., Hagersten, E.: Fast Data-Locality Profiling of Native Execution. In: ACM SIGMETRICS 2005, Canada (2005)Google Scholar
  7. 7.
    Kaxiras, S., Hu, Z., Martonosi, M.: Cache Decay: Exploiting Generational Behavior to Reduce Cache Leakage Power. In: International Symposium on Computer Architecture ISCA’28 (2001)Google Scholar
  8. 8.
    Kongetira, P., Aingaran, K., Olukutun, K.: Niagara: A 32-Way Multithreaded SPARC Processor. IEEE Micro (2005)Google Scholar
  9. 9.
    Krewell, K.: Power5 Tops on Bandwidth. Microprocessor Report (2003)Google Scholar
  10. 10.
    Krewell, K.: Double Your Opterons; Double Your Fun. Microprocessor Report (2004)Google Scholar
  11. 11.
    Hennessy, J., Patterson, D.: Computer Architecture: a Quantitative Approach, 2nd edn. Morgan-Kaufmann Publishers, Inc., San Francisco (1996)zbMATHGoogle Scholar
  12. 12.
    Goncalves, R., Ayguade, E., Valero, M., Navaux, P.: A Simulator for SMT Architectures: Evaluating Instruction Cache Topologies. In: 12th Symposium on Computer Architecture and High Performance, SBAC-PAD 2000 (2000)Google Scholar
  13. 13.
    Mattson, R.L., Gecsei, J., Slutz, D.R., Traiger, I.L.: Evaluation techniques for storage hierarchies. IBM Systems Journal (1970)Google Scholar
  14. 14.
    CNN. ‘Immense’ network assault takes down Yahoo (2000), Available at
  15. 15.
    Netscape. Leading Web sites under attack (2000), Available at
  16. 16.
    Grunwald, D., Ghiasi, S.: Microarchitectural denial of service: insuring microarchitectural fairness. In: International Symposium on Microarchitecture MICRO-35 (2002)Google Scholar
  17. 17.
    Hasan, J., Jalote, A., Vijaykumar, T.N., Brodley, C.E.: Heat Stroke: Power-Density-Based Denial of Service in SMT. In: High Performance Computer Architecture HPCA 2005 (2005)Google Scholar
  18. 18. Technology terms: Denial of service, Available at,289893,sid9gci213591,00.html
  19. 19.
    Soderquist, P., Leeser, M.: Optimizing the Data Cache Performance of a Software MPEG-2 Video Decoder. In: ACM Multimedia 1997 - Electronic Proceedings (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Georgios Keramidas
    • 1
  • Pavlos Petoumenos
    • 1
  • Stefanos Kaxiras
    • 1
  • Alexandros Antonopoulos
    • 1
  • Dimitrios Serpanos
    • 1
  1. 1.Department of Electrical and Computer EngineeringUniversity of PatrasPatrasGreece

Personalised recommendations