基于动态资源使用策略的SMT执行端口侧信道安全防护  被引量：1

作　　者：岳晓萌[1,2] 杨秋松 李明树[1] Yue Xiaomeng;Yang Qiusong;Li Mingshu(National Engineering Research Center for Fundamental Software(Institute of Software,Chinese Academy of Sciences),Beijing 100190;University of Chinese Academy of Sciences,Beijing 100049)

机构地区：[1]基础软件国家工程研究中心(中国科学院软件研究所),北京100190 [2]中国科学院大学,北京100049

出　　处：《计算机研究与发展》2022年第2期403-417,共15页Journal of Computer Research and Development

基　　金：“核高基”国家科技重大专项基金项目(2014ZX01029101-002);中国科学院战略性先导科技专项(XDA-Y01-01)。

摘　　要：同时多线程(simultaneous multi-threading,SMT)技术是提升线程级并行度的重要微架构优化技术之一,SMT技术能够在1个物理核上实现2个逻辑核,提升处理器的整体性能.然而,以共享执行端口为代表的SMT环境下特有的时间侧信道安全问题也陆续出现.提出了一种基于动态资源使用策略的SMT环境下执行端口时间侧信道攻击防护方法,基于SMT技术对数据结构资源的不同处理方式设计动态策略调整算法,通过改进处理器端口绑定及调度选择算法以防护SMT环境下执行端口时间侧信道攻击.防护设计实现了端口冲突矩阵、分支过滤器和动态资源使用策略修改器3个组件,该方法在防护有效性上可以达到关闭SMT技术的防护效果且性能开销大大降低,同时硬件开销可控,具有较高的应用价值.Simultaneous multi-threading(SMT)technology is one of the important micro-architecture optimization technologies to improve thread-level parallelism.SMT can realize two logical cores on one physical core and improve the overall performance of the processor.However,some timing channel security problems represented by sharing execution ports in SMT environment appeared.A port timing channel attack defending method is proposed based on dynamic resource usage strategy in SMT environment.Dynamic strategy adjustment algorithm is designed for different processing modes of data structure resources,and improved processor port binding and scheduling selection algorithm are adopted to protect the port side channel attack in SMT environment.Defending method used modular design has realized the port conflict matrix,branch filters and dynamic resource editor strategy.Respectively judgment model for port conflict,branch information filtering and SMT dynamic resource use strategy changes,the final modification strategy can be directly applied to the execution port binding and scheduling algorithm.The defending method in this paper can achieve the effect of close SMT technology and reduce the performance cost greatly.At the same time,its hardware cost is controllable.Therefore,the method proposed in this study has high application value.

关 键 词：同时多线程 时间信道 侧信道 执行端口 安全防护 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]