Security Vulnerability in Processor-Interconnect Router Design
Venue
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM, New York, NY, pp. 358-368
Publication Year
2014
Authors
WonJun Song, John Kim, Jae W. Lee, Dennis Abts
Abstract
Servers that consist of multiple nodes and sockets are interconnected with
a high-bandwidth, low-latency processor interconnect network, such as Intel QPI or
AMD HyperTransport technologies. The different nodes exchange packets through
routers which communicate with other routers. A key component of a router is the
routing table which determines which output port an arriving packet should be
forwarded through. However, we show that the flexibility (or programmability) of the
routing tables can result in a security vulnerability. We describe
the procedures for how the routing tables in a processor-interconnect router can be
modified. Based on these modifications, we propose new system attacks in a server,
which include both performance attacks by degrading the latency and/or the
bandwidth of the processor interconnect as well as a livelock attack that hangs the
system. We implement these system attacks on an 8-node AMD server and show how performance
can be significantly degraded. Based on this vulnerability, we propose alternative
solutions that provide various trade-offs in terms of flexibility and cost while
minimizing the routing table security vulnerability.
