Preventing denial-of-service attacks in shared CMP caches

Georgios Keramidas, Pavlos Petoumenos, Stefanos Kaxiras, Alexandros Antonopoulos, Dimitrios Serpanos

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

1 Citation (Scopus)

Abstract

Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache "hungry" threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and "healthy" threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be "compressed" into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the "usefulness" of the cache real estate or assign custom space-allocation policies based on external QoS needs.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 359-372
Number of pages: 14
Volume: 4017 LNCS
DOI: https://doi.org/10.1007/11796435_37
Publication status: Published - 9 Aug 2006
Externally published: Yes
Event: 6th International Workshop on Architectures, Modeling, and Simulation, SAMOS 2006 - Samos, Greece
Duration: 17 Jul 2006 to 20 Jul 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4017 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 6th International Workshop on Architectures, Modeling, and Simulation, SAMOS 2006
Country: Greece
City: Samos
Period: 17/7/06 to 20/7/06

Fingerprint

Chip multiprocessors
Denial of Service
Cache
Quality of service
Thread
Attack
Cache memory
Servers
Resources
Statistical Models
Chip
Replacement Policy
Method of Characteristics
Statistical Model
Replacement
Assign
Tables
Denial-of-service attack
Server
Damage

ASJC Scopus subject areas

  • Computer Science (all)
  • Biochemistry, Genetics and Molecular Biology (all)
  • Theoretical Computer Science

Cite this

Keramidas, G., Petoumenos, P., Kaxiras, S., Antonopoulos, A., & Serpanos, D. (2006). Preventing denial-of-service attacks in shared CMP caches. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4017 LNCS, pp. 359-372). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4017 LNCS). https://doi.org/10.1007/11796435_37

@inproceedings{ab9a5439bf714da9acaea85fc07865a4,
title = "Preventing denial-of-service attacks in shared CMP caches",
author = "Georgios Keramidas and Pavlos Petoumenos and Stefanos Kaxiras and Alexandros Antonopoulos and Dimitrios Serpanos",
year = "2006",
month = "8",
day = "9",
doi = "10.1007/11796435_37",
language = "English",
isbn = "3540364102",
volume = "4017 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "359--372",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Preventing denial-of-service attacks in shared CMP caches

AU - Keramidas, Georgios

AU - Petoumenos, Pavlos

AU - Kaxiras, Stefanos

AU - Antonopoulos, Alexandros

AU - Serpanos, Dimitrios

PY - 2006/8/9

Y1 - 2006/8/9

UR - http://www.scopus.com/inward/record.url?scp=33746742979&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33746742979&partnerID=8YFLogxK

U2 - 10.1007/11796435_37

DO - 10.1007/11796435_37

M3 - Conference contribution

SN - 3540364102

SN - 9783540364108

VL - 4017 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 359

EP - 372

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -