TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University
TitleEfficient Timing Channel Protection for On-Chip Networks Future large-scale multi-cores will be shared among multiple applications / virtual machines On-Chip Networks are Shared Resources NOCS 20122/21 Virtual Machine A Virtual Machine B
TitleEfficient Timing Channel Protection for On-Chip Networks Problem: Timing Channels Shared NoC causes interference NOCS 20123/21 Virtual Machine A Virtual Machine B Network interference introduces timing channels Side channel Covert channel High assurance systems requires security guarantee Example: Corporate virtual machines on the cloud
TitleEfficient Timing Channel Protection for On-Chip Networks RSA Example RSA : a public key cryptographic algorithm Prone to timing channel attacks NOCS 20124/21 Core 0 MC 0 Core 1 MC 1 Core 2 MC 2 Crossbar RSAAttacker key: 0110…
TitleEfficient Timing Channel Protection for On-Chip Networks RSA Example RSA : a public key cryptographic algorithm Prone to timing channel attacks NOCS 20125/21
TitleEfficient Timing Channel Protection for On-Chip Networks Outline Objective: Eliminate timing channels through the shared on-chip networks Completely eliminate information leakage Low performance overhead Rest of the talk Potential approaches Our solution Evaluation Related work Conclusion NOCS 20126/21
TitleEfficient Timing Channel Protection for On-Chip Networks Use Quality-of-Service? QoS techniques provide performance isolation to different network flows QoS techniques are not enough for security A flow can use bandwidth beyond its allocation Bandwidth utilization reveals the flow demand NOCS 20127/21 Flow A Demand Flow B Demand Flow A BW utilization 100% 0% 12 A B Bandwidth allocation A: 50% B: 50% 50% 100%
TitleEfficient Timing Channel Protection for On-Chip Networks Static Partitioning To eliminate timing channels, resource allocation cannot depend on run-time demands Static partitioning Spatial Network Partitioning (SNP) Temporal Network Partitioning (TNP) Completely eliminate the timing channels High performance overhead NOCS 20128/21 SNPTNP Cycle 0 Cycle 1 … VM A VM B
TitleEfficient Timing Channel Protection for On-Chip Networks One-Way Information Leak Protection Usually only one-way information protection is needed Multi-level security (MLS) model One-way protection is the key for efficient timing channel protection NOCS 20129/21 Personal APP (Music Player) Business App (Bank Management) Regular VM Corporate VM Low-Security Domain High-Security Domain Information flow PC Cloud Computing In general
TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel through NoC NOCS /21 HS demand 01 1 LS throughput HS: High-Security Domain LS: Low-Security Domain HS ---> LS
TitleEfficient Timing Channel Protection for On-Chip Networks Reversed Priority Assign high priority to low-security domain The behavior (throughput, latency) of low-security domain is not affected by high-security domain Static Limits Low-security domain could initialize Denial-of-Service (DoS) attack Static limit controls the amount of traffic that low-security domain can send during a certain interval Reversed Priority with Static Limits (RPSL) NOCS /21
TitleEfficient Timing Channel Protection for On-Chip Networks Implementation: Avoid Interference Priority-based separable allocator Input arbiter & Output arbiter Static virtual channel allocation Avoid head-of-line blocking NOCS /21 Router Virtual Channels Input link Low-security Domain High-security Domain
TitleEfficient Timing Channel Protection for On-Chip Networks Static limit control mechanism Counter & Control logic Apply to both input and output arbiter Implementation: Avoid DoS NOCS /21 Priority- based Arbiter Counter Requests Winning Request Static limit Control Low-security Domain High-security Domain Input Arbiter
TitleEfficient Timing Channel Protection for On-Chip Networks Benefits of One-Way Protection NOCS /21 Time BW Utilization Total BW HS LS Round-robin Allocator LS HS Time BW Utilization Total BW HS LS Temporal Network Partitioning LS HS Time BW Utilization Total BW HS LS HS RPSL 12 LS HS
TitleEfficient Timing Channel Protection for On-Chip Networks Experimental Setup Goals of experiments Timing channel protection DoS protection Performance overhead Darsim: cycle-level NoC simulator Comparison of three schemes Round-robin allocator (ISLIP) Temporal Network Partitioning (TNP) Reversed Priority with Static Limits (RPSL) NOCS /21
TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel: No Protection Simple network Round-robin allocator NOCS / Low-security Domain High-security Domain HS LS
TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel: Two-way Protection Simple network Temporal Network Partitioning NOCS / Low-security Domain High-security Domain HS LS 0.4/1.0
TitleEfficient Timing Channel Protection for On-Chip Networks Timing Channel: One-way Protection Simple network Reversed Priority with Static Limits (Static limit = 0.8) NOCS / Low-security Domain High-security Domain HS LS 1.0/1.0
TitleEfficient Timing Channel Protection for On-Chip Networks Performance Applications show bursty traffic RPSL is efficient for bursty traffic NOCS /21 HIGH LOW
TitleEfficient Timing Channel Protection for On-Chip Networks Related Work Side-channel protection Shared resources are prone to side-channel attacks, e.g. shared caches, branch prediction Cannot be applied to NoC QoS schemes Allows resource usage beyond allocation Insufficient to prevent timing channel attacks Composability Remove interference between applications for fast integration Require bi-directional non-interference, incur high performance overhead NOCS /21
TitleEfficient Timing Channel Protection for On-Chip Networks Conclusion Shared on-chip networks introduce timing channels Prevent effective sharing of large-scale NoC in high assurance systems One-way timing channel protection is sufficient in many situations RPSL provides efficient one-way timing channel protection Incurs low performance overhead NOCS /21
TitleEfficient Timing Channel Protection for On-Chip Networks Extend to Multiple Domains NOCS
TitleEfficient Timing Channel Protection for On-Chip Networks Denial-of-Service Protection (RPSL) Simple network NOCS Low-security Domain High-security Domain HS LS Static Limit on LS
TitleEfficient Timing Channel Protection for On-Chip Networks Synthetic Traffic Patterns 6-by-6 mesh network Two security domains Transpose traffic NOCS Round-robinTemporal Network PartitioningRPSL HIGH LOW LS offered BW
TitleEfficient Timing Channel Protection for On-Chip Networks Synthetic Traffic Patterns 6-by-6 mesh network Two security domains Hotspot Traffic NOCS HIGH LOW Round-robinTemporal Network PartitioningRPSL