DAGguise: mitigating memory timing side channels
- 22 February 2022
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Abstract
This paper studies the mitigation of memory timing side channels, where attackers utilize contention within DRAM controllers to infer a victim’s secrets. Already practical, this class of channels poses an important challenge to secure computing in shared memory environments. Existing state-of-the-art memory timing side channel mitigations have several key performance and security limitations. Prior schemes require onerous static bandwidth partitioning, extensive profiling phases, or simply fail to protect against attacks which exploit fine-grained timing and bank information. We present DAGguise, a defense mechanism which fully protects against memory timing side channels while allowing for dynamic traffic contention in order to achieve good performance. DAGguise utilizes a novel abstract memory access representation, the Directed Acyclic Request Graph (rDAG for short), to model memory access patterns which experience contention. DAGguise shapes a victim’s memory access patterns according to a publicly known rDAG obtained through a lightweight profiling stage, completely eliminating information leakage. We formally verify the security of DAGguise, proving that it maintains strong security guarantees. Moreover, by allowing dynamic traffic contention, DAGguise achieves a 12% overall system speedup relative to Fixed Service, which is the state-of-the-art mitigation mechanism, with up to a 20% relative speedup for co-located applications which do not require protection. We further claim that the principles of DAGguise can be generalized to protect against other types of scheduler-based timing side channels, such as those targeting on-chip networks, or functional units in SMT cores.
Funding Information
- National Science Foundation (CNS-2046359)
- Air Force Office of Scientific Research (FA9550-20-1-0402)