Timing channel protection for a shared memory controller

Author

Yao Wang ; Ferraiuolo, Andrew ; Suh, G. Edward

Author_Institution

Cornell Univ., Ithaca, NY, USA

fYear

2014

fDate

15-19 Feb. 2014

Firstpage

225

Lastpage

236

Abstract

This paper proposes a new memory controller design that enables secure sharing of main memory among mutually mistrusting parties by eliminating memory timing channels. This study demonstrates that shared memory controllers are vulnerable to both side channel and covert channel attacks that exploit memory interference as timing channels. To address this vulnerability, we identify the sources of interference in a conventional memory controller design, and propose a protection scheme to eliminate the interference across security domains through two main changes: (i) a per security domain based queueing structure, and (ii) static allocation of time slots in the scheduling algorithm. Multi-programmed workloads comprised of SPEC2006 benchmarks were used to evaluate the protection scheme. The results show that the proposed scheme completely eliminates the timing channels in the shared memory with small hardware and performance overheads.

Keywords

multiprogramming; queueing theory; shared memory systems; trusted computing; SPEC2006 benchmark; conventional memory controller design; covert channel attack; hardware overhead; interference across security domain; memory interference; memory timing channel; multiprogrammed workload; mutually mistrusting party; performance overhead; protection scheme; scheduling algorithm; secure sharing; security domain based queueing structure; shared memory controller; side channel; static allocation; timing channel protection; Abstracts; Random access memory; Security; Software; Timing; Tin; Virtual machining;

fLanguage

English

Publisher

ieee

Conference_Titel

High Performance Computer Architecture (HPCA), 2014 IEEE 20th International Symposium on

Conference_Location

Orlando, FL

Type

conf

DOI

10.1109/HPCA.2014.6835934

Filename

6835934