Abstract:
Computer hardware is increasingly shared by distrusting parties in platforms such as commercial clouds and web servers. Though hardware sharing is critical for performanc...Show MoreMetadata
Abstract:
Computer hardware is increasingly shared by distrusting parties in platforms such as commercial clouds and web servers. Though hardware sharing is critical for performance and efficiency, this sharing creates timing-channel vulnerabilities in hardware components such as memory controllers and shared memory. Past work on timing-channel protection for memory controllers assumes all parties are mutually distrusting and require timing-channel protection. This assumption limits the capability of the memory controller to allocate resources effectively, and causes severe performance penalties. Further, the assumption that all entities are mutually distrusting is often a poor fit for the security needs of real systems. Often, some entities do not require timing-channel protection or trust others with information. We propose lattice priority scheduling (LPS), a secure memory scheduling algorithm that improves performance by more precisely meeting the target system's security requirements, expressed as a lattice policy. We evaluate LPS in a simulated 8-core microprocessor. Compared to prior solutions [34], lattice priority scheduling improves system throughput by over 30% on average and by up to 84% for some workloads.
Date of Conference: 12-16 March 2016
Date Added to IEEE Xplore: 04 April 2016
Electronic ISBN:978-1-4673-9211-2
Electronic ISSN: 2378-203X
Keywords assist with retrieval of results and provide a means to discovering other relevant content. Learn more.
- IEEE Keywords
- Timing ,
- Security ,
- Lattices ,
- Throughput ,
- Processor scheduling ,
- Hardware ,
- Schedules
- Index Terms
- Memory Control ,
- Shared Memory ,
- Target System ,
- Scheduling Algorithm ,
- System Throughput ,
- Protective Memory ,
- Start Time ,
- Group Processes ,
- Access Control ,
- Security Policy ,
- Dead Time ,
- Activity Classification ,
- Side-channel ,
- Threat Model ,
- Security Model ,
- Lattice Model ,
- Epoch Length ,
- Class Schedule ,
- Data Cache ,
- Dynamic Scheduling ,
- Network-on-chip ,
- Cache Size ,
- Scheduling Decisions ,
- Virtual Memory ,
- Memory Bandwidth ,
- Misprediction ,
- Partial Order ,
- Less Than Or Equal ,
- Dynamic Allocation ,
- Scheduling Performance
Contents Keywords assist with retrieval of results and provide a means to discovering other relevant content. Learn more.
- IEEE Keywords
- Timing ,
- Security ,
- Lattices ,
- Throughput ,
- Processor scheduling ,
- Hardware ,
- Schedules
- Index Terms
- Memory Control ,
- Shared Memory ,
- Target System ,
- Scheduling Algorithm ,
- System Throughput ,
- Protective Memory ,
- Start Time ,
- Group Processes ,
- Access Control ,
- Security Policy ,
- Dead Time ,
- Activity Classification ,
- Side-channel ,
- Threat Model ,
- Security Model ,
- Lattice Model ,
- Epoch Length ,
- Class Schedule ,
- Data Cache ,
- Dynamic Scheduling ,
- Network-on-chip ,
- Cache Size ,
- Scheduling Decisions ,
- Virtual Memory ,
- Memory Bandwidth ,
- Misprediction ,
- Partial Order ,
- Less Than Or Equal ,
- Dynamic Allocation ,
- Scheduling Performance
