1 / 27

Defining Anomalous Behavior for Phase Change Memory

Defining Anomalous Behavior for Phase Change Memory. Siddhartha Chhabra and Yan Solihin Electrical and Computer Engineering North Carolina State University WEST-2010. Outline. Defining Anomalous Behavior Motivation Related Work Experimental Setup Anomaly Detection Mechanism

katen
Download Presentation

Defining Anomalous Behavior for Phase Change Memory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Defining Anomalous Behavior for Phase Change Memory Siddhartha Chhabra and Yan Solihin Electrical and Computer Engineering North Carolina State University WEST-2010

  2. Outline • Defining Anomalous Behavior • Motivation • Related Work • Experimental Setup • Anomaly Detection Mechanism • Writebacks Per Instruction (WPI) • Write Traffic Distribution (WTD) • Writeback Traffic Per Page (WTPP) • Hardware Implementation • PCM, a replacement for DRAM ? • Conclusions Chhabra, Solihin – PCM Anomalous Behavior

  3. Motivation A A A Core Core Core Horizontal Expansion Vertical Expansion Main Memory Main Memory However: DRAM faces cost, energy and scalability challenges PCM being researched as one promising alternative DISK Chhabra, Solihin – PCM Anomalous Behavior

  4. Motivation • However, PCM has several limitations: • Higher access latencies • Higher read and write energy • Limited write Endurance (107 – 108) Chhabra, Solihin – PCM Anomalous Behavior

  5. Motivation Attack on PCM only system Thrashing Last Level cache, causing a writeback every iteration TTF = Cell Endurance * cycles per write System Fails in 32 seconds Chhabra, Solihin – PCM Anomalous Behavior

  6. Motivation • Wear Leveling Algorithms • FGWL: Fine Grained Wear Leveling • Store blocks in a page in a rotated manner • Works across page faults • Security contingent on the OS swapping out the attack application’s pages Chhabra, Solihin – PCM Anomalous Behavior

  7. Motivation Wear Leveling Algorithms cannot protect against malicious behavior Need a separate Anomaly Detection Mechanism Start-Gap Wear Leveling Algorithm Chhabra, Solihin – PCM Anomalous Behavior

  8. Contributions Defining anomalous behavior for PCM based systems. (Anomaly Detection Mechanism) Propose a hardware implementation to collect these statistics reliably Show that complete replacement of DRAM with PCM is not possible Chhabra, Solihin – PCM Anomalous Behavior

  9. Related Work Cho et al., Lee et al., Zhou et al. Bridging Energy Gap Qureshi et al., Lee et al., Cho et al. Bridging Latency Gap Increasing Lifetime Qureshi et al., Cho et al., Lee et al., Zhang et al. Security Chhabra, Solihin – PCM Anomalous Behavior

  10. Experimental Setup Simics, Full system Simulator 4GHz, in-order processor Split L1 cache (32KB), 2-cycle latency Unified L2 (1MB), 10-cycle latency All caches have 64b block size and use LRU SPEC 2006 benchmarks: Skip 5B and simulate 200M instructions Chhabra, Solihin – PCM Anomalous Behavior

  11. Anomaly Detection Mechanism • Goals • Design a metric to define Anomalous behavior • Provide for reliable collection of statistics to derive this metric Chhabra, Solihin – PCM Anomalous Behavior

  12. Writebacks Per Instruction (WPI) • Intuition • Need multiple writebacks to cross the endurance limit of a cell resulting in a successful attack • Significantly more than regular applications • Claim • Writebacks Per Instruction (WPI) can be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior

  13. Writebacks Per Instruction (WPI) Anomalous Behavior: An application with a WPI of more than the system WPI indicates potentially anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior

  14. Writebacks Per Instruction (WPI) Insert one cycle instructions to get the WPI down Brings WPI below System WPI but attack still succeeds in 32.78 seconds However, this definition of anomaly can be broken Conclusion: Seemingly useful metric, WPI, cannot be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior

  15. Write Traffic Distribution (WTD) • Intuition • Attacker needs to force writebacks to the same address repeatedly • High concentration of writes to a few lines could indicate anomalous behavior • Claim • Write Traffic Distribution (WTD) could be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior

  16. Write Traffic Distribution (WTD) Anomalous Behavior: If the distribution favors one set of lines by more than α%, it indicates potential anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior

  17. Write Traffic Distribution (WTD) • However, armed with knowledge of definition of anomalous behavior, WTD can be bypassed • Write to all lines of a page: Assuming 4KB page size and 64byte block size, attack succeeds in 64X time (34 minutes) • Conclusion: Seemingly useful metric, WTD, cannot be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior

  18. Writeback Traffic Per Page (WTPP) • A foolproof metric must incorporate two factors: • The number of writebacks (WPI) • Set of addresses (WTD) A successful attack application will make a large number of writebacks (WPI) to a fixed set of addresses (WTD) Chhabra, Solihin – PCM Anomalous Behavior

  19. Writeback Traffic Per Page (WTPP) Anomalous Behavior: A page receiving a WTPP of more than 1.2KBPS Ideal PCM lifetime: 3 years Plugging in, Writeback Traffic = 5.3GBPS For ideal lifetime, traffic should be uniform. This gives us a traffic of 1.2KBPS per page to keep ideal lifetime Chhabra, Solihin – PCM Anomalous Behavior

  20. Writeback Traffic Per Page (WTPP) • Attacker can reduce the WTPP to less than 1.2KBPS • Conservative but needed to retain ideal lifetime Chhabra, Solihin – PCM Anomalous Behavior

  21. Hardware Implementation • Need to collect stats reliably • Need to track writebacks to all pages • Low hardware overheads Chhabra, Solihin – PCM Anomalous Behavior

  22. Hardware Implementation Chhabra, Solihin – PCM Anomalous Behavior

  23. PCM: Complete replacement for DRAM ? We defined an Anomaly detection mechanism Once anomalous behavior is detected, a solution must be in place to prevent against these attacks Killing apps not an option System must have some memory like DRAM where pages exhibiting anomalous behavior can be remapped to Hence, having DRAM portion required from both performance and reliability perspective Chhabra, Solihin – PCM Anomalous Behavior

  24. Conclusions • We defined anomalous behavior • Simple metrics like WPI and WTD can be bypassed by attackers • WTPP is a complete metric • Proposed a hardware implementation for the anomaly detection mechanism • Complete replacement of DRAM with PCM not feasible from both performance and reliability perspective Chhabra, Solihin – PCM Anomalous Behavior

  25. Thank you Chhabra, Solihin – PCM Anomalous Behavior

  26. Backup… Chhabra, Solihin – PCM Anomalous Behavior

  27. Attack on hybrid memory system Lifetime of 24 days Chhabra, Solihin – PCM Anomalous Behavior

More Related