210 likes | 240 Vues
Learn how to shape memory requests to protect against timing attacks in shared resource environments. Explore methods to camouflage memory access patterns effectively. Presented at the IEEE International Symposium on High Performance Computer Architecture in 2017. 8 Relevant
E N D
Camouflage: Memory Traffic Shaping to Mitigate Timing Attacks Yanqi Zhou, Sameer Wagh, Prateek Mittal, and David Wentzlaff 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA) Presented by : Sandeep Kumar
Side-Channel Attacks • Victim and the attacker process are running on same hardware, and there is some shared resource between them. • Attacker aim to discern the victims activity based on its activity on the shared resource. Shared Resource
How it is done Shared resource, L1 or L2 cache
How it is done Shared resource, L1 or L2 cache Write
How it is done Shared resource, L1 or L2 cache Read
How it is done Shared resource, L1 or L2 cache Write
How it is done Read
How it is done Do this multiple times. Victim process’s access pattern is leaked. Memory requests Time
The problem? Memory requests Time
Leaked memory requests distribution Lots of data access operation. Memory requests Not so many. Time
Camouflaged memory requests distribution CAMOUFLAGED Distribution hidden by a uniform distribution Memory requests Time
Design of Camouflage Request Shaper: Shapes the memory requests from the applications Response Shaper: Shapes the memory response from the memory controller.
Algorithm: Quickly BINS: Controls the memory accesses. Each having different rate of operation. µ1 µ5 µ4 µ3 µ2
Algorithm: Quickly Bins are filled with one token at every EPOCH. EPOCH 1 µ1 µ5 µ4 µ3 µ2 Every memory requests consumes one token.
Algorithm: Quickly Un-used tokens are used to generate fake request at the end of each EPOCH. EPOCH 2 µ1 µ5 µ4 µ3 µ2
Algorithm: Quickly Constant Shaper: Please note that if there is a single bin then the rate of operation is constant. EPOCH 2 µ3
Algorithm Monitor LLC for cache hits and misses Low? Rate exceeding? Issue STALL signal to the core. YES YES Generate fake memory requests with low priority.
Mutual Information theory • How much information is leaked? Optimal: