Defenses for main memory systems using memory controllers
Wang, Bolin
Main memories are a key shared resource within modern computing systems. This thesis shows that memory controllers are prone to side/covert-channel vulnerabilities. The first vulnerability, called Drip-R, exploits the fact that row-buffer hits and misses incur different latencies in the memory controller. The second vulnerability, called Drip-Q, leverages read-queue contention within the memory controller to fabricate differential latency. These differential latencies act as side/covert channels and can be used to leak or receive data from other processes. To overcome these vulnerabilities, this thesis proposes two secure and high-performance scheduling policies called Plumber-R and Plumber-Q, respectively. These policies build on the insight that request scheduling can be split into isolated epochs. We show that epochs can prevent the creation of side channels within the memory controller and stop attacker processes from leaking or receiving data through them. Furthermore, within each isolated epoch, memory requests can take advantage of row-buffer hits and improve performance. Our experiments show that, on average, Plumber-R and Plumber-Q provide 29% and 41% speedup over the prior state-of-the-art scheduling policies Close Page and Fixed Service.
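A toy model of the row-buffer channel and the epoch idea described in the abstract, as an added example that is not code from the thesis. The latency values, row numbers and the rule that the row buffer is closed at every epoch boundary are assumptions made for illustration, not the Plumber-R design.

```python
# Toy single-bank DRAM model (added example). All numbers are constructed.
HIT, MISS = 15, 40                 # assumed row-buffer hit/miss latency in cycles
ATTACKER_ROW, VICTIM_ROW = 7, 3    # assumed rows that map to the same bank


class Bank:
    """One DRAM bank with a single open row (the row buffer)."""

    def __init__(self):
        self.open_row = None

    def access(self, row):
        latency = HIT if self.open_row == row else MISS
        self.open_row = row
        return latency

    def precharge(self):
        """Close the open row so the next access cannot depend on history."""
        self.open_row = None


def attacker_trace(secret_bits, isolated_epochs):
    """Latencies of the attacker's two probes after each victim turn."""
    bank, trace = Bank(), []
    bank.access(ATTACKER_ROW)              # attacker primes its row
    for bit in secret_bits:
        if isolated_epochs:
            bank.precharge()               # assumed boundary: victim epoch starts clean
        if bit:
            bank.access(VICTIM_ROW)        # victim touches the bank only for a 1
        if isolated_epochs:
            bank.precharge()               # assumed boundary: attacker epoch starts clean
        trace.append((bank.access(ATTACKER_ROW), bank.access(ATTACKER_ROW)))
    return trace


def decode(trace):
    """Attacker's guess: a miss on the first probe means the victim sent a 1."""
    return [1 if first == MISS else 0 for first, _ in trace]


SECRET = [1, 0, 1, 1, 0]                   # constructed victim data
if __name__ == "__main__":
    print("shared  :", decode(attacker_trace(SECRET, False)))   # recovers SECRET
    print("isolated:", attacker_trace(SECRET, True))            # constant trace
```

With isolated epochs the attacker's first probe always misses and its second always hits, so the trace carries no information about the victim while hits inside an epoch are kept. The model covers only row-buffer state, not the read-queue contention behind Drip-Q.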
Attribution-NonCommercial-NoDerivatives 4.0 International