Poster: More is Less Denial-of-Service Attacks and Solutions in Many-Core On-Chip Networks

A many-core system is expected to outperform a traditional single-core system by enabling multiple applications to be executed on separate cores in parallel, given the generous assumption that the execution of an application on one core does not interfere with an application on other cores. Regrettably, this optimistic belief about independence of different applications turns out widely untrue in practice. Interdependencies and contention between cores abound in manycore systems, most prominently caused by a set of shared resources, ranging from on-chip networks, shared memories/disks, to controller buffers etc. The existence of such shared resources lends a great help to Denial-of-Service (DoS) attacks: a greedy application can immoderately engulf certain share resource, depriving other applications of gaining fair access to that shared resource. On-chip networks are one of the critical shared resources in future many-core systems. An on-chip network connects tens to hundreds of components (CPUs, caches, memory controllers, accelerators, etc) via on-chip routers, executing hundreds of tasks concurrently. For example, Tilera already has a 100-node on-chip network organized as a 10x10 mesh [1]. Figure 1 depicts an example 3x3 mesh on-chip network. Although DoS attacks and countermeasures have been extensively studied in the context of computer networks, DoS attacks on emerging on-chip networks are barely recognized by the security community. As one of very few exceptions, Moscibroda and Mutlu propose, implement, and prevent an on-chip DoS attack against shared memories [7]. However, their work does not consider on-chip networks. Due to substantial differences between computer networks and on-chip networks, solutions for computer networks cannot be transplanted to on-chip networks either. Because on-chip networks are implemented in hardware, any on-chip network mechanism needs to be simple, easy-to-implement, and energyefficient. This poster intends to raise the awareness of DoS attacks for on-chip networks among the security community. More specifically, our contribution is three-fold. (i) First, we bring forth this important problem from a security point of view, and formalize the attack model and security definition. (ii) Second, we simulate effective DoS attacks which successfully overload a node of an on-chip network. (iii) Third, we review the state-of-art mechanisms and propose possible solutions.