vCAT: Dynamic Cache Management Using CAT Virtualization

Xu, Meng; Thi, Linh; Phan, Xuan Thien; Choi, Hyon-Young; Lee, Insup

doi:10.1109/rtas.2017.15

Cited by 48 publications

(21 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The aforementioned constant-time implementation of AES is part of the SGX SDK source code. • Protection Bypass: Bypasses of remarkable protections such as proposals based on constant-time techniques [7,24], static and runtime analysis [27,28] and cache architecture [29,30,31,32].…”

Section: A Our Contributionmentioning

confidence: 99%

“…In particular, introducing redundancy and randomness to the S-Box tables for AES has been proposed [18]. A custom memory manager [40], relaxed inclusion caches [31] and solutions based on cache allocation technology (CAT) such as Catalyst [29] and vCat [32] are proposed to defend against LLC contention. Sanctum [30] and Ozone [41] are new processor designs with respect to cache attacks.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Moghimi¹,

Eisenbarth²,

Sunar³

2018

Int J Parallel Prog

View full text Add to dashboard Cite

Cache attacks exploit memory access patterns of cryptographic implementations. Constant-Time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform key independent pattern. However, the constant-time behavior is dependent on the underlying architecture, which can be highly complex and often incorporates unpublished features. CacheBleed attack targets cache bank conflicts and thereby invalidates the assumption that microarchitectural side-channel adversaries can only observe memory with cache line granularity. In this work, we propose MemJam, a side-channel attack that exploits false dependency of memory read-after-write and provides a high quality intra cache level timing channel. As a proof of concept, we demonstrate the first key recovery attacks on a constant-time implementation of AES, and a SM4 implementation with cache protection in the current Intel Integrated Performance Primitives (Intel IPP) cryptographic library. Further, we demonstrate the first intra cache level timing attack on SGX by reproducing the AES key recovery results on an enclave that performs encryption using the aforementioned constant-time implementation of AES. Our results show that we can not only use this side channel to efficiently attack memory dependent cryptographic operations but also to bypass proposed protections. Compared to CacheBleed, which is limited to older processor generations, MemJam is the first intra cache level attack applicable to all major Intel processors including the latest generations that support the SGX extension.

show abstract

Section: A Our Contributionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Moghimi¹,

Eisenbarth²,

Sunar³

2018

Int J Parallel Prog

View full text Add to dashboard Cite

show abstract

“…Xu et al [25] target minimization of resource contention due to shared LLCs. They propose vCAT that utilizes Intel's Cache Allocation Technology (CAT) [3] to provide virtual cache partitions.…”

Section: Open-source Hypervisorsmentioning

confidence: 99%

“…Xen with the RTDS scheduler and vCAT can provide reasonable hard real-time performance under the assumption that there exists a schedule according to CST for a predefined set of VMs with known resource requirements [24,25]. As a result, even though Xen is capable of dynamic VM management, creating VMs during runtime diminishes hard real-time guarantees since resource requirements and the system utilization changes.…”

Section: Open-source Hypervisorsmentioning

confidence: 99%

The need for deterministic virtualization in the industrial internet of things

Ruh

Steiner

2019

Proceedings of the Workshop on Fog Computing and the IoT

View full text Add to dashboard Cite

Real-Time virtualization is commonly accepted to act as one of the key enablers of Fog Computing and the Industrial Internet of Things (IIoT). We motivate requirements which any hypervisor qualifying as a deterministic virtualization solution for IIoT should fulfill. We characterize existing work in the field of real-time virtualization to illustrate the trade-off between flexibility and deterministic execution. Furthermore, we indicate a lack of hypervisors that meet all of our requirements on deterministic virtualization. Our preliminary experimental results comparing the system latencies of ACRN, KVM, and Xen RTDS support our claim for the need of further investigation of deterministic virtualization. CCS CONCEPTS • Computer systems organization → Real-time operating systems; Multicore architectures; Real-time system architecture.

show abstract

“…Cache resource. Several cache partitioning techniques have been proposed to reduce the shared cache interference [9,21,22,26,28,59,61,62,68,74]. The software-based approach reorganizes a task's memory layout to allocate a specific cache area to the task using, e.g., page coloring [28,39,67] or compiler-based [42] techniques.…”

Section: Related Workmentioning

confidence: 99%

Holistic Resource Allocation for Multicore Real-Time Systems

Phan

Choi

et al. 2019

2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS)

Self Cite

View full text Add to dashboard Cite

This paper presents CaM, a holistic cache and memory bandwidth resource allocation strategy for multicore real-time systems. CaM is designed for partitioned scheduling, where tasks are mapped onto cores, and the shared cache and memory bandwidth resources are partitioned among cores to reduce resource interferences due to concurrent accesses. Based on our extension of LITMUS RT with Intel's Cache Allocation Technology and MemGuard, we present an experimental evaluation of the relationship between the allocation of cache and memory bandwidth resources and a task's WCET. Our resource allocation strategy exploits this relationship to map tasks onto cores, and to compute the resource allocation for each core. By grouping tasks with similar characteristics (in terms of resource demands) to the same core, it enables tasks on each core to fully utilize the assigned resources. In addition, based on the tasks' execution time behaviors with respect to their assigned resources, we can determine a desirable allocation that maximizes schedulability under resource constraints. Extensive evaluations using real-world benchmarks show that CaM offers near optimal schedulability performance while being highly efficient, and that it substantially outperforms existing solutions.

show abstract

vCAT: Dynamic Cache Management Using CAT Virtualization

Cited by 48 publications

References 25 publications

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

The need for deterministic virtualization in the industrial internet of things

Holistic Resource Allocation for Multicore Real-Time Systems

Contact Info

Product

Resources

About