Preventing denial-of-service attacks in shared CMP caches

Georgios Keramidas, Pavlos Petoumenos, Stefanos Kaxiras, Alexandros Antonopoulos, Dimitrios Serpanos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache "hungry" threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and "healthy" threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be "compressed" into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the "usefulness" of the cache real estate or assign custom space-allocation policies based on external QoS needs.

Original languageEnglish
Title of host publicationEmbedded Computer Systems
Subtitle of host publicationArchitectures, Modeling, and Simulation - 6th International Workshop, SAMOS 2006, Proceedings
PublisherSpringer Verlag
Pages359-372
Number of pages14
ISBN (Print)3540364102, 9783540364108
DOIs
Publication statusPublished - 1 Jan 2006
Event6th International Workshop on Architectures, Modeling, and Simulation, SAMOS 2006 - Samos, Greece
Duration: 17 Jul 200620 Jul 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4017 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other6th International Workshop on Architectures, Modeling, and Simulation, SAMOS 2006
CountryGreece
CitySamos
Period17/7/0620/7/06

    Fingerprint

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Keramidas, G., Petoumenos, P., Kaxiras, S., Antonopoulos, A., & Serpanos, D. (2006). Preventing denial-of-service attacks in shared CMP caches. In Embedded Computer Systems: Architectures, Modeling, and Simulation - 6th International Workshop, SAMOS 2006, Proceedings (pp. 359-372). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4017 LNCS). Springer Verlag. https://doi.org/10.1007/11796435_37