Cache-timing Attack Detection and Prevention Application ...
Timing-Predictability of Cache Replacement Policies
description
Transcript of Timing-Predictability of Cache Replacement Policies
![Page 1: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/1.jpg)
Timing-Predictability of Cache Replacement Policies
Jan Reineke - Daniel GrundChristoph Berg - Reinhard Wilhelm
AVACS Virtual Seminar, January 12th 2007
![Page 2: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/2.jpg)
22 Apr 2023 2
Predictability in Timing Context
• Hard real-time systems Strict timing constraints Need to derive upper bounds on
WCET
ACET WCET upper bound
uncertainty x penalty
time
distribution
{W|A}CET = {Worst|Average}-Case Execution Time
Predictability
![Page 3: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/3.jpg)
22 Apr 2023 3
Outlook
• Caches• Static Cache Analysis• Predictability Metrics for
Cache Replacement Policies• Further Predictability Results• Conclusion• Future Work
![Page 4: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/4.jpg)
22 Apr 2023 4
Caches: Fast Memory on Chip• Caches are used, because
– Fast main memory is too expensive– The speed gap between CPU and memory is too
large and increasing• Caches work well in the average case:
– Programs access data locally (spatial locality)– Programs reuse items (temporal locality)
Speed Size
Registers 0.25 ns 500 bytes
Cache 1 ns 64 KB
Main memory 100 ns 512 MB
Hard disk 5 ms 100 GB
![Page 5: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/5.jpg)
22 Apr 2023 5
A-Way Set-Associative Caches
Tag Index Block offset
Address:
Tag DataCache Sets:
Tag Data…
1
A
=? MuxYes:Hit!
No:Miss!
![Page 6: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/6.jpg)
22 Apr 2023 6
Example: 4-way LRU-Set
zyxt
LRU = Least Recently Used
szyx
LRU has anotion of Age
young
old
Age
Miss on s
yszx
Hit on y
![Page 7: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/7.jpg)
22 Apr 2023 7
Cache Analysis: 4-way LRU
• Goal: classify accesses as hits or misses
• Usually two analyses: – May-Analysis:
For each program point (and calling context): Which lines may be in the cache?
classify misses– Must-Analysis
For each program point (and calling context): Which lines must be in the cache?
classify hits
![Page 8: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/8.jpg)
22 Apr 2023 8
Must-Analysis for 4-way LRU: Transfer
Which lines must be in the cache? abstract domain bounds maximal age
{x}{}
{s,t}{y}
{s}{x}{t}{y}
Access of s:
young
old
Age
![Page 9: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/9.jpg)
22 Apr 2023 9
Must-Analysis for 4-way LRU: Join
How to combine information at control-flow joins?
{x}{}
{s,t}{y}
{s}{z}{x}{y}
young
old
Age
{}{}
{s,x}{y}
„Intersection + maximal age“
![Page 10: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/10.jpg)
22 Apr 2023 10
Predictability in Timing Context
• Hard real-time systems Strict timing constraints Need to derive upper bounds on
WCET
ACET WCET upper bound
uncertainty x penalty
time
distribution
{W|A}CET = {Worst|Average}-Case Execution Time
![Page 11: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/11.jpg)
22 Apr 2023 11
Uncertainty in Cache Analysis
read y
mul x, y
read x
write z
1. Initial cache contents?2. Need to combine information3. Cannot resolve address of x...4. Imprecise analysis domain/ update functions
Need to recover information: Predictability = Speed of Recovery
![Page 12: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/12.jpg)
22 Apr 2023 12
Metrics of Predictability:...
......
[f,e,d][f,e,c][f,d,c]
[h,g,f]
fillevict
Seq: a b c d e f g h
Two Variants:M = Misses OnlyHM = Hits & Misses
evict & fill
[d,c,x]
![Page 13: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/13.jpg)
22 Apr 2023 13
Meaning of evict/fill - I
• Evict:– When do we gain any may-information?– Safe information about Cache Misses
• Fill: must-information:– When do we gain precise must-
information?– Safe information about Cache Hits
![Page 14: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/14.jpg)
22 Apr 2023 14
Meaning of evict/fill - II
Metrics are independent of analyses: evict/fill bound the precision of any
static analysis! Allows to analyze an analysis:
Is it as precise as it gets w.r.t. the metrics?
![Page 15: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/15.jpg)
22 Apr 2023 15
Replacement Policies
• LRU – Least Recently UsedIntel Pentium, MIPS 24K/34K
• FIFO – First-In First-Out (Round-robin)
Intel XScale, ARM9, ARM11• PLRU – Pseudo-LRU
Intel Pentium II+III+IV, PowerPC 75x• MRU – Most Recently Used
![Page 16: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/16.jpg)
22 Apr 2023 16
LRU - Least Recently UsedLRU is the simplest case: After i ≤ k (associativity) we have exact must-
information for i elements.
{}{}{}{}
{a}{}{}{}
{c}{b}{a}{}
{d}{c}{b}{a}
{b}{a}{}{}
evict(k) = fill(k) = k
a b c d
![Page 17: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/17.jpg)
22 Apr 2023 17
FIFO – First-In First-Out• Like LRU in the miss-case• But hits do not change the state
xcyz
axcy
baxc
dbax
baxc
a b c d
![Page 18: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/18.jpg)
22 Apr 2023 18
MRU - Most Recently Used
MRU-bit records whether line was recently used
Problem: never stabilizes
e
c b,d
c „safe“for 5 acc.
,e
![Page 19: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/19.jpg)
22 Apr 2023 19
Tree maintains order:
Problem: accesses „rejuvenate“ neighborhood
Pseudo-LRU
c
e
![Page 20: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/20.jpg)
22 Apr 2023 20
Results: tight bounds
Parametric examples prove tightness.
![Page 21: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/21.jpg)
22 Apr 2023 21
Results: instances for k=4,8
Question: 8-way PLRU cache, 4 instructions per line Assume equal distribution of instructions over 256 sets:
How long a straight-line code sequence is needed to obtain precise must-information?
![Page 22: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/22.jpg)
22 Apr 2023 22
Can we do something cheaper?
Analyses that reach perfect precision can be very expensive!
Minimum Live-Span (mls): How long does an element at least survive in the cache?
Enables cheap analysis that just keeps track of the last mls accesses.
![Page 23: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/23.jpg)
22 Apr 2023 23
Minimum Live-Span - Results
![Page 24: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/24.jpg)
22 Apr 2023 24
Evolution of may/must-information
8-way LRU:
k
![Page 25: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/25.jpg)
22 Apr 2023 25
Evolution of may/must-information
8-way FIFO:
k
![Page 26: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/26.jpg)
22 Apr 2023 26
Evolution of may/must-information
8-way MRU:
2k-2
k-1
![Page 27: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/27.jpg)
22 Apr 2023 27
Evolution of may/must-information
8-way PLRU:
k
![Page 28: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/28.jpg)
22 Apr 2023 28
Conclusion
• First analytical results on the predictability of cache replacement policies
• LRU is perfect in terms of our predictability metrics
• FIFO and MRU are particularly bad, especially considering the evolution of must-information
![Page 29: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/29.jpg)
22 Apr 2023 29
Future Work
Find new cache replacement policies
• Predictable• Cheap to implement• High (average-case) performance
![Page 30: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/30.jpg)
22 Apr 2023 30
Future Work
Analyze cache analyses:• Do they ever recover „perfect“ may/must-
information?• If so, within evict/fill accesses?Develop precise and efficient analyses:• Idea: Remember last evict accesses• Problem: Accesses are not pairwise
different in practice (cache hits! ;-))
![Page 31: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/31.jpg)
22 Apr 2023 31
Future Work
Simplify access sequences :– <x y z z> <x y z> !– <x z y z> <x y z> ? Works for LRU, not for other policies in
general?Yields currently leading LRU analysis
after additional abstraction.
![Page 32: Timing-Predictability of Cache Replacement Policies](https://reader036.fdocuments.in/reader036/viewer/2022062323/568160f3550346895dd02a8e/html5/thumbnails/32.jpg)
22 Apr 2023 32
Future Work
Beyond evict/fill:• Evict/fill assume complete uncertainty• What if there is only partial uncertainty?• Other useful metrics?