2018 IEEE International Conference on Cloud Engineering (IC2E) (2018)
Orlando, FL, US
Apr 17, 2018 to Apr 20, 2018
ISBN: 978-1-5386-5008-0
pp: 34-40
Despite the isolation mechanisms that are available to cloud service providers, like virtual machines and containers, the problem of side-channel vulnerabilities due to shared caches and multicore processors remains a threat. We present a hardware-software mechanism that improves the isolation of cloud processes in the presence of shared caches on multicore chips. Our technique can enable cache-side-channel-free computing for Linux-based containers and virtual machines by combining the Intel CAT architecture that enables cache partitioning with novel scheduling techniques and state cleansing mechanisms. We evaluate our system using a CPU-bound workload and demonstrate cache-side-channel-free computation that is correct by construction. Our system allows Simultaneous Multithreading to remain enabled and does not require application-level changes.
cache storage, cloud computing, Linux, microprocessor chips, multiprocessing systems, multi-threading, resource allocation, scheduling, virtual machines

R. Sprabery, K. Evchenko, A. Raj, R. B. Bobba, S. Mohan and R. Campbell, "Scheduling, Isolation, and Cache Allocation: A Side-Channel Defense," 2018 IEEE International Conference on Cloud Engineering (IC2E), Orlando, FL, US, 2018, pp. 34-40.