Lightweight Timing Channel Protection for Shared DRAM Controller

The shared memory controllers of Single-Chip Cloud computing processors are vulnerable to timing-channel attacks. Existing protection strategies based on fixed memory bandwidth assignment degrade processor performance and severely harm the experience of cloud-users. This paper proposes a novel light-weight timing channel protection scheme against both side channel and covert channel attacks to the shared memory controllers of cloud Chip Multi-Processors (CMPs). Instead of enforcing a fixed time-slot assignment to the applications, we go an entirely different technical route and utilize the background DRAM refresh as a free noise source to eliminate the time correlation between victim and attacker applications. The proposed protection framework, MemJam, relies on emerging Fine-Grained Refresh technology to achieve the effects of timing channel obfuscation. Multi-programmed workloads running in a cloud CMP were used to evaluate the protection method. The results show that the light-weight refresh-based noise can effectively block the timing-channel between user applications, and achieve up to $1. 69\sim 3\mathrm {X}$ memory performance boost compared to prior solutions.

[1]  Gernot Heiser,et al.  An Analysis of Power Consumption in a Smartphone , 2010, USENIX Annual Technical Conference.

[2]  Aamer Jaleel,et al.  DRAMsim: a memory system simulator , 2005, CARN.

[3]  David R. Kaeli,et al.  Multi2Sim: A simulation framework for CPU-GPU computing , 2012, 2012 21st International Conference on Parallel Architectures and Compilation Techniques (PACT).

[4]  Per Larsen,et al.  Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity , 2015, NDSS.

[5]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[6]  Yao Wang,et al.  Timing channel protection for a shared memory controller , 2014, HPCA.

[7]  Seth H. Pugsley,et al.  Memory bandwidth reservation in the cloud to avoid information leakage in the memory controller , 2014, HASP@ISCA.

[8]  Timothy Mattson,et al.  A 48-Core IA-32 message-passing processor with DVFS in 45nm CMOS , 2010, 2010 IEEE International Solid-State Circuits Conference - (ISSCC).

[9]  Richard Veras,et al.  RAIDR: Retention-aware intelligent DRAM refresh , 2012, 2012 39th Annual International Symposium on Computer Architecture (ISCA).

[10]  H. Oda,et al.  Leakage current observation on irregular local PN junctions forming the tail distribution of DRAM retention characteristics, with new test structure , 1998, International Electron Devices Meeting 1998. Technical Digest (Cat. No.98CH36217).

[11]  Melvin A. Breuer,et al.  Novel test pattern generators for pseudo-exhaustive testing , 1993, Proceedings of IEEE International Test Conference - (ITC).

[12]  Melvin A. Breuer,et al.  Novel Test Pattern Generators for Pseudoexhaustive Testing , 2000, IEEE Trans. Computers.

[13]  Luca Benini,et al.  Energy-Efficient Value-Based Selective Refresh for Embedded DRAMs , 2005, PATMOS.

[14]  Jonathan K. Millen Finite-state noiseless covert channels , 1989, Proceedings of the Computer Security Foundations Workshop II,.

[15]  Ira S. Moskowitz,et al.  The channel capacity of a certain noisy timing channel , 1992, IEEE Trans. Inf. Theory.