Yu Wang, Danfeng Zhang, Yao Wang, Ed Suh, A. Myers, Andrew Ferraiuolo, G. Suh, Nithin Michael, A. Tang, Jiang Xu, Huazhong Yang
{"title":"片上网络的有效时序通道保护","authors":"Yu Wang, Danfeng Zhang, Yao Wang, Ed Suh, A. Myers, Andrew Ferraiuolo, G. Suh, Nithin Michael, A. Tang, Jiang Xu, Huazhong Yang","doi":"10.1109/NOCS.2012.24","DOIUrl":null,"url":null,"abstract":"On-chip network is often dynamically shared among applications that are concurrently running on a chip-multiprocessor (CMP). In general, such shared resources imply that applications can affect each other's timing characteristics through interference in shared resources. For example, in on-chip networks, multiple flows can compete for links and buffers. We show that this interference is an attack vector through which a malicious application may be able to infer data-dependent information about other applications (side channel attacks), or two applications can exchange information covertly when direct communications are prohibited (covert channel attacks). To prevent these timing channel attacks, we propose an efficient scheme which uses priority-based arbitration and a static limit mechanism to provide one-way information-leak protection. The proposed technique requires minimal changes to the router hardware. The simulation results show that the protection scheme effectively eliminates a timing channel from high-security to low-security domains with minimal performance overheads for realistic traffic patterns.","PeriodicalId":6333,"journal":{"name":"2012 IEEE/ACM Sixth International Symposium on Networks-on-Chip","volume":"1 1","pages":"142-151"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"117","resultStr":"{\"title\":\"Efficient Timing Channel Protection for On-Chip Networks\",\"authors\":\"Yu Wang, Danfeng Zhang, Yao Wang, Ed Suh, A. Myers, Andrew Ferraiuolo, G. Suh, Nithin Michael, A. Tang, Jiang Xu, Huazhong Yang\",\"doi\":\"10.1109/NOCS.2012.24\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"On-chip network is often dynamically shared among applications that are concurrently running on a chip-multiprocessor (CMP). In general, such shared resources imply that applications can affect each other's timing characteristics through interference in shared resources. For example, in on-chip networks, multiple flows can compete for links and buffers. We show that this interference is an attack vector through which a malicious application may be able to infer data-dependent information about other applications (side channel attacks), or two applications can exchange information covertly when direct communications are prohibited (covert channel attacks). To prevent these timing channel attacks, we propose an efficient scheme which uses priority-based arbitration and a static limit mechanism to provide one-way information-leak protection. The proposed technique requires minimal changes to the router hardware. The simulation results show that the protection scheme effectively eliminates a timing channel from high-security to low-security domains with minimal performance overheads for realistic traffic patterns.\",\"PeriodicalId\":6333,\"journal\":{\"name\":\"2012 IEEE/ACM Sixth International Symposium on Networks-on-Chip\",\"volume\":\"1 1\",\"pages\":\"142-151\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-05-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"117\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE/ACM Sixth International Symposium on Networks-on-Chip\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NOCS.2012.24\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE/ACM Sixth International Symposium on Networks-on-Chip","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOCS.2012.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Efficient Timing Channel Protection for On-Chip Networks
On-chip network is often dynamically shared among applications that are concurrently running on a chip-multiprocessor (CMP). In general, such shared resources imply that applications can affect each other's timing characteristics through interference in shared resources. For example, in on-chip networks, multiple flows can compete for links and buffers. We show that this interference is an attack vector through which a malicious application may be able to infer data-dependent information about other applications (side channel attacks), or two applications can exchange information covertly when direct communications are prohibited (covert channel attacks). To prevent these timing channel attacks, we propose an efficient scheme which uses priority-based arbitration and a static limit mechanism to provide one-way information-leak protection. The proposed technique requires minimal changes to the router hardware. The simulation results show that the protection scheme effectively eliminates a timing channel from high-security to low-security domains with minimal performance overheads for realistic traffic patterns.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
