-
Publication number: US12229248B1
Publication date: 2025-02-18
Application number: US17203600
Application date: 2021-03-16
Applicant: Amazon Technologies, Inc.
Inventor: Pawel Wieczorkiewicz, Martin Pohlack, Uwe Dannowski, Bjoern Doebel
IPC: G06F21/54, G06F9/455, G06F12/0864, G06F12/0882, G06F21/55, G06F21/56, G06F21/79
Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using memory page remapping. The computer system includes a main memory and a shared cache, the shared cache implementing cache set associativity determined by a portion of memory addresses of the main memory. Multiple physical memory pages are reserved for mapping to a virtual memory page, the physical memory pages differing in the respective portions of their memory addresses determining cache set associativity. Accesses to the virtual memory page result in a mapping of one of the reserved physical memory pages to the virtual memory page, with remapping events causing different ones of the physical memory pages to become mapped. This remapping results in varying cache set associativity of elements stored in the virtual memory page over time.
-
Publication number: US11972034B1
Publication date: 2024-04-30
Application number: US17084336
Application date: 2020-10-29
Applicant: Amazon Technologies, Inc.
Inventor: Martin Pohlack, Pawel Wieczorkiewicz, Uwe Dannowski
IPC: G06F21/79, G06F12/084, G06F12/0846, G06F12/14, G06F21/54, G06F21/60
CPC classification number: G06F21/79, G06F12/084, G06F12/0848, G06F12/1466, G06F21/54, G06F21/602
Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a host having a main memory and a shared cache. The host executes a virtual machine manager (VMM) that determines respective security keys for a plurality of co-located virtual machines (VMs). A cache controller for the shared cache includes a scrambling function that scrambles addresses of memory accesses performed by threads of the VMs according to the respective security keys. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Security keys may be periodically updated to further reduce predictability of shared cache to memory address mappings.
-
Publication number: US11620238B1
Publication date: 2023-04-04
Application number: US17185752
Application date: 2021-02-25
Applicant: Amazon Technologies, Inc.
Inventor: Martin Pohlack, Uwe Dannowski, Pawel Wieczorkiewicz
IPC: G06F12/14, G06F12/084, G06F12/1045, G06F12/0891, G06F12/0873
Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a main memory, a shared cache and a cache controller for the shared cache including a scrambling function that scrambles addresses of memory accesses according to the respective scrambling keys selected for a sequence of time periods. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Scrambling keys may be updated to reduce predictability of shared cache to memory address mappings. These updates may occur opportunistically, on demand or on specified schedule. Multiple scrambling keys may be simultaneously active during transitions between active time periods.