Tuple Space Explosion: A Denial-of-Service Attack Against a Software Packet Classifier

Efficient and highly available packet classification is fundamental for various security primitives. In this paper, we evaluate whether the de facto Tuple Space Search (TSS) packet classification algorithm used in popular software networking stacks such as the Open vSwitch is robust against low-rate denial-of-service attacks. We present the Tuple Space Explosion (TSE) attack that exploits the fundamental space/time complexity of the TSS algorithm. TSE can degrade the switch performance to 12% of its full capacity with a very low packet rate (0.7 Mbps) when the target only has simple policies such as, "allow some, but drop others". Worse, an adversary with additional partial knowledge of these policies can virtually bring down the target with the same low attack rate. Interestingly, TSE does not generate any specific traffic patterns but only requires arbitrary headers and payloads which makes it particularly hard to detect. Due to the fundamental complexity characteristics of TSS, unfortunately, there seems to be no complete mitigation to the problem. As a long-term solution, we suggest the use of other algorithms (e.g., HaRP) that are not vulnerable to the TSE attack. As a short-term countermeasure, we propose MFCGuard that carefully manages the tuple space and keeps packet classification fast

Thread assignment optimization with real-time performance and memory bandwidth guarantees for energy-efficient heterogeneous multi-core systems

The current trend to move from homogeneous to heterogeneous multi-core systems promises further performance and energy-efficiency benefits. A typical future heterogeneous multi-core system includes two distinct types of cores, such as high performance sophisticated ("large") cores and simple low-power ("small") cores. In those heterogeneous platforms, execution phases of application threads that are CPU-intensive can take best advantage of large cores, whereas I/O or memory intensive execution phases are best suited and assigned to small cores. However, it is crucial that the assignment of threads to cores satisfy both the computational and memory bandwidth constraints of the threads. We propose an optimization approach to determine and apply the most energy efficient assignment of threads with soft real-time performance and memory bandwidth constraints in a multi-core system. Our approach includes an ILP (Integer Linear Programming) optimization model and a scheme to dynamically change thread-to-core assignment, since thread execution phases may change over time. In comparison to state-of-art dynamic thread assignment schemes, we show energy savings and performance gains for a variety of workloads, while respecting thread performance and memory bandwidth requirements. © 2012 IEEE