Scheduling, isolation, and cache allocation: A side-channel defense

Read Sprabery, Konstantin Evchenko, Abhilash Raj, Rakesh B. Bobba, Sibin Mohan, Roy Campbell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Despite the isolation mechanisms that are available to cloud service providers, like virtual machines and containers, the problem of side-channel vulnerabilities due to shared caches and multicore processors remains a threat. We present a hardware-software mechanism that improves the isolation of cloud processes in the presence of shared caches on multicore chips. Our technique can enable cache-side-channel free computing for Linux-based containers and virtual machines by combining the Intel CAT architecture that enables cache partitioning with novel scheduling techniques and state cleansing mechanisms. We evaluate our system using a CPU-bound workload and demonstrate cache-side-channel-free computation that is correct by construction. Our system allows Simultaneous Multithreading to remain enabled and does not require application level changes.

Original language: English (US)
Title of host publication: Proceedings - 2018 IEEE International Conference on Cloud Engineering, IC2E 2018
Editors: Jie Li, Abhishek Chandra, Tian Guo, Ying Cai
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 34-40
Number of pages: 7
ISBN (Electronic): 9781538650080
State: Published - May 16 2018
Event: 2018 IEEE International Conference on Cloud Engineering, IC2E 2018 - Orlando, United States
Duration: Apr 17 2018 to Apr 20 2018

Publication series

Name: Proceedings - 2018 IEEE International Conference on Cloud Engineering, IC2E 2018

Other

Other: 2018 IEEE International Conference on Cloud Engineering, IC2E 2018
Country/Territory: United States
City: Orlando
Period: 4/17/18 to 4/20/18

Keywords

  • Cache
  • Defense
  • Scheduler
  • Side channel

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
