1,481 research outputs found
A software approach to defeating side channels in last-level caches
We present a software approach to mitigate access-driven side-channel attacks
that leverage last-level caches (LLCs) shared across cores to leak information
between security domains (e.g., tenants in a cloud). Our approach dynamically
manages physical memory pages shared between security domains to disable
sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It
also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe"
attacks in LLCs. We have implemented our approach as a memory management
subsystem called CacheBar within the Linux kernel to intervene on such side
channels across container boundaries, as containers are a common method for
enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through
formal verification, principled analysis, and empirical evaluation, we show
that CacheBar achieves strong security with small performance overheads for
PaaS workloads
DReAM: An approach to estimate per-Task DRAM energy in multicore systems
Accurate per-task energy estimation in multicore systems would allow performing per-task energy-aware task scheduling and energy-aware billing in data centers, among other applications. Per-task energy estimation is challenged by the interaction between tasks in shared resources, which impacts tasks’ energy consumption in uncontrolled ways. Some accurate mechanisms have been devised recently to estimate per-task energy consumed on-chip in multicores, but there is a lack of such mechanisms for DRAM memories. This article makes the case for accurate per-task DRAM energy metering in multicores, which opens new paths to energy/performance optimizations. In particular, the contributions of this article are (i) an ideal per-task energy metering model for DRAM memories; (ii) DReAM, an accurate yet low cost implementation of the ideal model (less than 5% accuracy error when 16 tasks share memory); and (iii) a comparison with standard methods (even distribution and access-count based) proving that DReAM is much more accurate than these other methods.Peer ReviewedPostprint (author's final draft
- …