270 likes | 460 Views
Defining Anomalous Behavior for Phase Change Memory. Siddhartha Chhabra and Yan Solihin Electrical and Computer Engineering North Carolina State University WEST-2010. Outline. Defining Anomalous Behavior Motivation Related Work Experimental Setup Anomaly Detection Mechanism
E N D
Defining Anomalous Behavior for Phase Change Memory Siddhartha Chhabra and Yan Solihin Electrical and Computer Engineering North Carolina State University WEST-2010
Outline • Defining Anomalous Behavior • Motivation • Related Work • Experimental Setup • Anomaly Detection Mechanism • Writebacks Per Instruction (WPI) • Write Traffic Distribution (WTD) • Writeback Traffic Per Page (WTPP) • Hardware Implementation • PCM, a replacement for DRAM ? • Conclusions Chhabra, Solihin – PCM Anomalous Behavior
Motivation A A A Core Core Core Horizontal Expansion Vertical Expansion Main Memory Main Memory However: DRAM faces cost, energy and scalability challenges PCM being researched as one promising alternative DISK Chhabra, Solihin – PCM Anomalous Behavior
Motivation • However, PCM has several limitations: • Higher access latencies • Higher read and write energy • Limited write Endurance (107 – 108) Chhabra, Solihin – PCM Anomalous Behavior
Motivation Attack on PCM only system Thrashing Last Level cache, causing a writeback every iteration TTF = Cell Endurance * cycles per write System Fails in 32 seconds Chhabra, Solihin – PCM Anomalous Behavior
Motivation • Wear Leveling Algorithms • FGWL: Fine Grained Wear Leveling • Store blocks in a page in a rotated manner • Works across page faults • Security contingent on the OS swapping out the attack application’s pages Chhabra, Solihin – PCM Anomalous Behavior
Motivation Wear Leveling Algorithms cannot protect against malicious behavior Need a separate Anomaly Detection Mechanism Start-Gap Wear Leveling Algorithm Chhabra, Solihin – PCM Anomalous Behavior
Contributions Defining anomalous behavior for PCM based systems. (Anomaly Detection Mechanism) Propose a hardware implementation to collect these statistics reliably Show that complete replacement of DRAM with PCM is not possible Chhabra, Solihin – PCM Anomalous Behavior
Related Work Cho et al., Lee et al., Zhou et al. Bridging Energy Gap Qureshi et al., Lee et al., Cho et al. Bridging Latency Gap Increasing Lifetime Qureshi et al., Cho et al., Lee et al., Zhang et al. Security Chhabra, Solihin – PCM Anomalous Behavior
Experimental Setup Simics, Full system Simulator 4GHz, in-order processor Split L1 cache (32KB), 2-cycle latency Unified L2 (1MB), 10-cycle latency All caches have 64b block size and use LRU SPEC 2006 benchmarks: Skip 5B and simulate 200M instructions Chhabra, Solihin – PCM Anomalous Behavior
Anomaly Detection Mechanism • Goals • Design a metric to define Anomalous behavior • Provide for reliable collection of statistics to derive this metric Chhabra, Solihin – PCM Anomalous Behavior
Writebacks Per Instruction (WPI) • Intuition • Need multiple writebacks to cross the endurance limit of a cell resulting in a successful attack • Significantly more than regular applications • Claim • Writebacks Per Instruction (WPI) can be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior
Writebacks Per Instruction (WPI) Anomalous Behavior: An application with a WPI of more than the system WPI indicates potentially anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior
Writebacks Per Instruction (WPI) Insert one cycle instructions to get the WPI down Brings WPI below System WPI but attack still succeeds in 32.78 seconds However, this definition of anomaly can be broken Conclusion: Seemingly useful metric, WPI, cannot be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior
Write Traffic Distribution (WTD) • Intuition • Attacker needs to force writebacks to the same address repeatedly • High concentration of writes to a few lines could indicate anomalous behavior • Claim • Write Traffic Distribution (WTD) could be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior
Write Traffic Distribution (WTD) Anomalous Behavior: If the distribution favors one set of lines by more than α%, it indicates potential anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior
Write Traffic Distribution (WTD) • However, armed with knowledge of definition of anomalous behavior, WTD can be bypassed • Write to all lines of a page: Assuming 4KB page size and 64byte block size, attack succeeds in 64X time (34 minutes) • Conclusion: Seemingly useful metric, WTD, cannot be used to define anomalous behavior Chhabra, Solihin – PCM Anomalous Behavior
Writeback Traffic Per Page (WTPP) • A foolproof metric must incorporate two factors: • The number of writebacks (WPI) • Set of addresses (WTD) A successful attack application will make a large number of writebacks (WPI) to a fixed set of addresses (WTD) Chhabra, Solihin – PCM Anomalous Behavior
Writeback Traffic Per Page (WTPP) Anomalous Behavior: A page receiving a WTPP of more than 1.2KBPS Ideal PCM lifetime: 3 years Plugging in, Writeback Traffic = 5.3GBPS For ideal lifetime, traffic should be uniform. This gives us a traffic of 1.2KBPS per page to keep ideal lifetime Chhabra, Solihin – PCM Anomalous Behavior
Writeback Traffic Per Page (WTPP) • Attacker can reduce the WTPP to less than 1.2KBPS • Conservative but needed to retain ideal lifetime Chhabra, Solihin – PCM Anomalous Behavior
Hardware Implementation • Need to collect stats reliably • Need to track writebacks to all pages • Low hardware overheads Chhabra, Solihin – PCM Anomalous Behavior
Hardware Implementation Chhabra, Solihin – PCM Anomalous Behavior
PCM: Complete replacement for DRAM ? We defined an Anomaly detection mechanism Once anomalous behavior is detected, a solution must be in place to prevent against these attacks Killing apps not an option System must have some memory like DRAM where pages exhibiting anomalous behavior can be remapped to Hence, having DRAM portion required from both performance and reliability perspective Chhabra, Solihin – PCM Anomalous Behavior
Conclusions • We defined anomalous behavior • Simple metrics like WPI and WTD can be bypassed by attackers • WTPP is a complete metric • Proposed a hardware implementation for the anomaly detection mechanism • Complete replacement of DRAM with PCM not feasible from both performance and reliability perspective Chhabra, Solihin – PCM Anomalous Behavior
Thank you Chhabra, Solihin – PCM Anomalous Behavior
Backup… Chhabra, Solihin – PCM Anomalous Behavior
Attack on hybrid memory system Lifetime of 24 days Chhabra, Solihin – PCM Anomalous Behavior