Preventing Denial-of-Service Attacks in Shared CMP Caches

Georgios Keramidas, Pavlos Petoumenos, Stefanos Kaxiras, Alexandros Antonopoulos, Dimitrios Serpanos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Denial-of-Service (DoS) attacks try to exhaust some shared resources (e.g. process tables, functional units) of a service-centric provider. As Chip Multi-Processors (CMPs) are becoming mainstream architecture for server class processors, the need to manage on-chip resources in a way that can provide QoS guarantees becomes a necessity. Shared resources in CMPs typically include L2 cache memory. In this paper, we explore the problem of managing the on-chip shared caches in a CMP workstation where malicious threads or just cache “hungry” threads try to hog the cache giving rise to DoS opportunities. An important characteristic of our method is that there is no need to distinguish between malicious and “healthy” threads. The proposed methodology is based on a statistical model of a shared cache that can be fed with run-time information and accurately describe the behavior of the shared threads. Using this information, we are able to understand which thread (malicious or not) can be “compressed” into less space with negligible damage and to drive accordingly the underlying replacement policy of the cache. Our results show that the proposed attack-resistant replacement algorithm can be used to enforce high-level policies such as policies that try to maximize the “usefulness” of the cache real estate or assign custom space-allocation policies based on external QoS needs.
Original languageEnglish
Title of host publicationEmbedded Computer Systems: Architectures, Modeling, and Simulation
Subtitle of host publication6th International Workshop, SAMOS 2006, Samos, Greece, July 17-20, 2006. Proceedings
EditorsStamatis Vassiliadis, Stephan Wong, Timo D. Hämäläinen
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Pages359-372
Number of pages14
ISBN (Electronic)978-3-540-36411-5
ISBN (Print)978-3-540-36410-8
DOIs
Publication statusPublished - 2006

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg
Volume4017
ISSN (Print)0302-9743

Fingerprint

Dive into the research topics of 'Preventing Denial-of-Service Attacks in Shared CMP Caches'. Together they form a unique fingerprint.

Cite this