1 of 27

CS-773 Paper Presentation��DAWG

Dynamically Allocated Way Guard

Saksham Gupta�Misfits (#2)

180070049@iitb.ac.in

1

2 of 27

The Threat

2

SHARED LLC

3 of 27

Cache State Based Attacks

3

4 of 27

Cache State Based Attacks

4

5 of 27

Defense Mechanism

Many fronts of Defence - with tradeoffs

Goal-

Close the cache based side channel altogether

Maintain communication between OS and users

Minimal modifications to hardware

5

6 of 27

Earlier… Set Partitioning at Page level

6

7 of 27

Proposed - Way Partitioning

7

Way 1

Index

0

1

2

255

Way 2

Way 3

Way 4

Thread 1

Thread 2

8 of 27

Intel Cache Allocation Technology (CAT)

8

Way 1

Index

0

1

2

255

Way 2

Way 3

Way 4

Looking For Hits

Insecure Way Partitioning - still vulnerable

Victim Selection

9 of 27

DAWG - Secure Way Partitioning

9

Way 1

Index

0

1

2

255

Way 2

Way 3

Way 4

Looking For Hits

Victim Selection

10 of 27

Implementation-Policy Tables

For a 2 way set associative Cache

Stored in Model Specific registers(MSR)

10

domain_id

policy_fillmap

policy_hitmap

Way 0

Way 1

Way 0

Way 1

0

1

0

1

0

1

0

1

0

1

11 of 27

Dynamic Reallocation

11

Consider re-allocating Way 1 to Domain 0

domain_id

policy_fillmap

policy_hitmap

Way 0

Way 1

Way 0

Way 1

0

1

0

1

0

1

0

1->0

0

1

Step 1

Update policy_fillmap of Way 1

12 of 27

Dynamic Reallocation

12

Consider re-allocating Way 1 to Domain 0

domain_id

policy_fillmap

policy_hitmap

Way 0

Way 1

Way 0

Way 1

0

1

0

1

0

1

0

0

0

0

Step 2

Flush

Flush Way 1 from all sets

13 of 27

Dynamic Reallocation

13

Consider re-allocating Way 1 to Domain 0

domain_id

policy_fillmap

policy_hitmap

Way 0

Way 1

Way 0

Way 1

0

1

0

1

0

1

0

0

0

1->0

Step 3

Update policy_hitmap of Way 1

14 of 27

Dynamic Reallocation

14

Consider re-allocating Way 1 to Domain 0

domain_id

policy_fillmap

policy_hitmap

Way 0

Way 1

Way 0

Way 1

0

1

0->1

1

0->1

1

0

0

0

0

Step 4

Update MSRs for new allocation

15 of 27

Cache Coherence

  • Allow Shared state lines to be replicated
  • Request on same line respects isolation
  • Hardware not expected to handle a replicated Modified line-software prevents
  • Read only and Copy-on-Write (CoW) sharing across domains

15

16 of 27

Metadata leak - NRU Replacement

16

17 of 27

Metadata leak - NRU Replacement

17

18 of 27

Do we get our promised isolation?

Yes!

  • Non-interference of hits, misses and metadata

  • No leak from system calls- MSR writes are fences

18

19 of 27

However…Some Limitations

API call- a[b[i]] (i provided by receiver)

Receiver calls using a[j] - latency affected when b[i]=j

19

20 of 27

Evaluation Setup - Simulation

Using CAT as baseline

Most benchmarks have 4-7% slowdown

20

21 of 27

Evaluation Setup - Hardware

Haswell

20-way 30MB

L3 cache

21

22 of 27

Conclusion

22

23 of 27

Conclusion

23

24 of 27

Conclusion

24

25 of 27

DAWG- What we hope to achieve

Overcomes the problems

DAWG offers the desired partitioning

mechanism; we additionally enable two-way communication

between OS and applications, and handle mutually untrusted

peers at the same security level. We allow deduplication, shared

libraries, and memory mapping, which in prior work must all

be disabled.

25

26 of 27

DAWG Isolation Policies

Try making own 4 way

Isolated cache

Show dynamic also, by

changing number of ways allocated

26

27 of 27

Problem- technical

Cache Tag State (animate)

Cache Metadata Based (remove)

27