Presentation is loading. Please wait.

Presentation is loading. Please wait.

TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University.

Published byElisabeth Ross Modified over 8 years ago

Similar presentations

Presentation on theme: "TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University."— Presentation transcript:

1 TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University

2 TitleEfficient Timing Channel Protection for On-Chip Networks  Future large-scale multi-cores will be shared among multiple applications / virtual machines On-Chip Networks are Shared Resources NOCS 20122/21 Virtual Machine A Virtual Machine B

3 TitleEfficient Timing Channel Protection for On-Chip Networks Problem: Timing Channels  Shared NoC causes interference NOCS 20123/21 Virtual Machine A Virtual Machine B  Network interference introduces timing channels Side channel Covert channel  High assurance systems requires security guarantee Example: Corporate virtual machines on the cloud

4 TitleEfficient Timing Channel Protection for On-Chip Networks RSA Example  RSA : a public key cryptographic algorithm Prone to timing channel attacks NOCS 20124/21 Core 0 MC 0 Core 1 MC 1 Core 2 MC 2 Crossbar RSAAttacker key: 0110…

5 TitleEfficient Timing Channel Protection for On-Chip Networks RSA Example  RSA : a public key cryptographic algorithm Prone to timing channel attacks NOCS 20125/21

6 TitleEfficient Timing Channel Protection for On-Chip Networks Outline  Objective: Eliminate timing channels through the shared on-chip networks Completely eliminate information leakage Low performance overhead  Rest of the talk Potential approaches Our solution Evaluation Related work Conclusion NOCS 20126/21

7 TitleEfficient Timing Channel Protection for On-Chip Networks Use Quality-of-Service?  QoS techniques provide performance isolation to different network flows  QoS techniques are not enough for security A flow can use bandwidth beyond its allocation Bandwidth utilization reveals the flow demand NOCS 20127/21 Flow A Demand Flow B Demand Flow A BW utilization 100% 0% 12 A B Bandwidth allocation A: 50% B: 50% 50% 100%

8 TitleEfficient Timing Channel Protection for On-Chip Networks Static Partitioning  To eliminate timing channels, resource allocation cannot depend on run-time demands  Static partitioning Spatial Network Partitioning (SNP) Temporal Network Partitioning (TNP)  Completely eliminate the timing channels High performance overhead NOCS 20128/21 SNPTNP Cycle 0 Cycle 1 … VM A VM B

9 TitleEfficient Timing Channel Protection for On-Chip Networks One-Way Information Leak Protection  Usually only one-way information protection is needed Multi-level security (MLS) model  One-way protection is the key for efficient timing channel protection NOCS 20129/21 Personal APP (Music Player) Business App (Bank Management) Regular VM Corporate VM Low-Security Domain High-Security Domain Information flow PC Cloud Computing In general

10 TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel through NoC NOCS 201210/21 HS demand 01 1 LS throughput HS: High-Security Domain LS: Low-Security Domain HS ---> LS

11 TitleEfficient Timing Channel Protection for On-Chip Networks  Reversed Priority Assign high priority to low-security domain The behavior (throughput, latency) of low-security domain is not affected by high-security domain  Static Limits Low-security domain could initialize Denial-of-Service (DoS) attack Static limit controls the amount of traffic that low-security domain can send during a certain interval Reversed Priority with Static Limits (RPSL) NOCS 201211/21

12 TitleEfficient Timing Channel Protection for On-Chip Networks Implementation: Avoid Interference  Priority-based separable allocator Input arbiter & Output arbiter  Static virtual channel allocation Avoid head-of-line blocking NOCS 201212/21 Router Virtual Channels Input link 0 1 2 3 Low-security Domain High-security Domain

13 TitleEfficient Timing Channel Protection for On-Chip Networks  Static limit control mechanism Counter & Control logic  Apply to both input and output arbiter Implementation: Avoid DoS NOCS 201213/21 Priority- based Arbiter Counter Requests Winning Request Static limit Control Low-security Domain High-security Domain Input Arbiter

14 TitleEfficient Timing Channel Protection for On-Chip Networks Benefits of One-Way Protection NOCS 201214/21 Time BW Utilization Total BW HS LS Round-robin Allocator LS HS Time BW Utilization Total BW HS LS Temporal Network Partitioning LS HS Time BW Utilization Total BW HS LS HS RPSL 12 LS HS

15 TitleEfficient Timing Channel Protection for On-Chip Networks Experimental Setup  Goals of experiments Timing channel protection DoS protection Performance overhead  Darsim: cycle-level NoC simulator  Comparison of three schemes Round-robin allocator (ISLIP) Temporal Network Partitioning (TNP) Reversed Priority with Static Limits (RPSL) NOCS 201215/21

16 TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel: No Protection  Simple network  Round-robin allocator NOCS 201216/21 1234 Low-security Domain High-security Domain HS LS

17 TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel: Two-way Protection  Simple network  Temporal Network Partitioning NOCS 201217/21 1234 Low-security Domain High-security Domain HS LS 0.4/1.0

18 TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel: One-way Protection  Simple network  Reversed Priority with Static Limits (Static limit = 0.8) NOCS 201218/21 1234 Low-security Domain High-security Domain HS LS 1.0/1.0

19 TitleEfficient Timing Channel Protection for On-Chip Networks Performance  Applications show bursty traffic  RPSL is efficient for bursty traffic NOCS 201219/21 HIGH LOW

20 TitleEfficient Timing Channel Protection for On-Chip Networks Related Work  Side-channel protection Shared resources are prone to side-channel attacks, e.g. shared caches, branch prediction Cannot be applied to NoC  QoS schemes Allows resource usage beyond allocation Insufficient to prevent timing channel attacks  Composability Remove interference between applications for fast integration Require bi-directional non-interference, incur high performance overhead NOCS 201220/21

21 TitleEfficient Timing Channel Protection for On-Chip Networks Conclusion  Shared on-chip networks introduce timing channels Prevent effective sharing of large-scale NoC in high assurance systems  One-way timing channel protection is sufficient in many situations  RPSL provides efficient one-way timing channel protection Incurs low performance overhead NOCS 201221/21

22 TitleEfficient Timing Channel Protection for On-Chip Networks Extend to Multiple Domains NOCS 201222

23 TitleEfficient Timing Channel Protection for On-Chip Networks Denial-of-Service Protection (RPSL)  Simple network NOCS 201223 1234 Low-security Domain High-security Domain HS LS Static Limit on LS

24 TitleEfficient Timing Channel Protection for On-Chip Networks Synthetic Traffic Patterns  6-by-6 mesh network  Two security domains  Transpose traffic NOCS 201224 Round-robinTemporal Network PartitioningRPSL HIGH LOW LS offered BW

25 TitleEfficient Timing Channel Protection for On-Chip Networks Synthetic Traffic Patterns  6-by-6 mesh network  Two security domains  Hotspot Traffic NOCS 201225 HIGH LOW Round-robinTemporal Network PartitioningRPSL

Download ppt "TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University."

Similar presentations

Adaptive Backpressure: Efficient Buffer Management for On-Chip Networks Daniel U. Becker, Nan Jiang, George Michelogiannakis, William J. Dally Stanford.

Adaptive Backpressure: Efficient Buffer Management for On-Chip Networks Daniel U. Becker, Nan Jiang, George Michelogiannakis, William J. Dally Stanford.
Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.

Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.
VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.

VSMC MIMO: A Spectral Efficient Scheme for Cooperative Relay in Cognitive Radio Networks 1.
1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.

1 Hardware Support for Isolation Krste Asanovic U.C. Berkeley MURI “DHOSA” Site Visit April 28, 2011.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—8-1 MPLS TE Overview Introducing the TE Concept.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—8-1 MPLS TE Overview Introducing the TE Concept.
REAL-TIME COMMUNICATION ANALYSIS FOR NOCS WITH WORMHOLE SWITCHING Presented by Sina Gholamian, 1 09/11/2011.

REAL-TIME COMMUNICATION ANALYSIS FOR NOCS WITH WORMHOLE SWITCHING Presented by Sina Gholamian, 1 09/11/2011.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.

A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.
Technion – Israel Institute of Technology Qualcomm Corp. Research and Development, San Diego, California Leveraging Application-Level Requirements in the.

Technion – Israel Institute of Technology Qualcomm Corp. Research and Development, San Diego, California Leveraging Application-Level Requirements in the.
Reporter: Bo-Yi Shiu Date: 2011/05/27 Virtual Point-to-Point Connections for NoCs Mehdi Modarressi, Arash Tavakkol, and Hamid Sarbazi- Azad IEEE TRANSACTIONS.

Reporter: Bo-Yi Shiu Date: 2011/05/27 Virtual Point-to-Point Connections for NoCs Mehdi Modarressi, Arash Tavakkol, and Hamid Sarbazi- Azad IEEE TRANSACTIONS.
Allocator Implementations for Network-on-Chip Routers Daniel U. Becker and William J. Dally Concurrent VLSI Architecture Group Stanford University.

Allocator Implementations for Network-on-Chip Routers Daniel U. Becker and William J. Dally Concurrent VLSI Architecture Group Stanford University.
Network based System on Chip Final Presentation Part B Performed by: Medvedev Alexey Supervisor: Walter Isaschar (Zigmond) Winter-Spring 2006.

Network based System on Chip Final Presentation Part B Performed by: Medvedev Alexey Supervisor: Walter Isaschar (Zigmond) Winter-Spring 2006.
Network based System on Chip Part A Performed by: Medvedev Alexey Supervisor: Walter Isaschar (Zigmond) Winter-Spring 2006.

Network based System on Chip Part A Performed by: Medvedev Alexey Supervisor: Walter Isaschar (Zigmond) Winter-Spring 2006.
Lei Wang, Yuho Jin, Hyungjun Kim and Eun Jung Kim

Lei Wang, Yuho Jin, Hyungjun Kim and Eun Jung Kim
Predictive Load Balancing Reconfigurable Computing Group.

Predictive Load Balancing Reconfigurable Computing Group.
Rotary Router : An Efficient Architecture for CMP Interconnection Networks Pablo Abad, Valentín Puente, Pablo Prieto, and Jose Angel Gregorio University.

Rotary Router : An Efficient Architecture for CMP Interconnection Networks Pablo Abad, Valentín Puente, Pablo Prieto, and Jose Angel Gregorio University.
Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh Cornell University Tuan Tran.

Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh Cornell University Tuan Tran.
Performance and Power Efficient On-Chip Communication Using Adaptive Virtual Point-to-Point Connections M. Modarressi, H. Sarbazi-Azad, and A. Tavakkol.

Performance and Power Efficient On-Chip Communication Using Adaptive Virtual Point-to-Point Connections M. Modarressi, H. Sarbazi-Azad, and A. Tavakkol.
Localized Asynchronous Packet Scheduling for Buffered Crossbar Switches Deng Pan and Yuanyuan Yang State University of New York Stony Brook.

Localized Asynchronous Packet Scheduling for Buffered Crossbar Switches Deng Pan and Yuanyuan Yang State University of New York Stony Brook.
McRouter: Multicast within a Router for High Performance NoCs

McRouter: Multicast within a Router for High Performance NoCs

Similar presentations

Ads by Google