Publication list

Supervised Master's theses of Sergej Breiter

1. Simon Hilchenbach. CacheHound: Automated Reverse-Engineering of CPU Cache Policies in Modern Multiprocessors. 9 2024. PDF
   Abstract

   In modern multiprocessors, hardware manufacturers employ a hierarchy of CPU caches to mitigate the considerable latency associated with accessing main memory. These CPU caches leverage the temporal and spatial locality of an application's data access patterns to serve a portion of the main memory at significantly reduced latencies. The operation of CPU caches is governed by cache policies. While this solution is effective in the majority of scenarios, an application may encounter difficulties in performing optimally under a given cache policy, potentially leading to issues such as thrashing. Awareness of the policy would facilitate the restructuring of the application to align with it. Such knowledge can be further applied to the domain of cache-based side-channels, from both a hardening and an attacker perspective. However, manufacturers typically refrain from disclosing the details of their cache policies, particularly those pertaining to the placement and replacement of data within the cache. Prior research has focused on the reverse-engineering of replacement policies, yet we are not aware of any investigation into placement policies. Moreover, to the best of our knowledge, there is currently no generic framework for the reverse-engineering of CPU caches. In this work, we devise such a framework and also develop a methodology for the reverse-engineering of placement policies. We provide a corresponding open-source implementation, called CacheHound, and benchmark it on several x86- and ARM-based systems. Finally, we employ the gained knowledge to explore use cases in the fields of security and high-performance computing (HPC).
   BibTeX Entry

   @misc{hilc24, author = {Simon Hilchenbach}, title = {{CacheHound:} {Automated} {Reverse-Engineering} of {CPU} {Cache} {Policies} in {Modern} {Multiprocessors}}, year = {2024}, pdf = {https://bib.nm.ifi.lmu.de/pdf/hilc24.pdf}, abstract = {In modern multiprocessors, hardware manufacturers employ a hierarchy of CPU caches to mitigate the considerable latency associated with accessing main memory. These CPU caches leverage the temporal and spatial locality of an application's data access patterns to serve a portion of the main memory at significantly reduced latencies. The operation of CPU caches is governed by cache policies. While this solution is effective in the majority of scenarios, an application may encounter difficulties in performing optimally under a given cache policy, potentially leading to issues such as thrashing. Awareness of the policy would facilitate the restructuring of the application to align with it. Such knowledge can be further applied to the domain of cache-based side-channels, from both a hardening and an attacker perspective. However, manufacturers typically refrain from disclosing the details of their cache policies, particularly those pertaining to the placement and replacement of data within the cache. Prior research has focused on the reverse-engineering of replacement policies, yet we are not aware of any investigation into placement policies. Moreover, to the best of our knowledge, there is currently no generic framework for the reverse-engineering of CPU caches. In this work, we devise such a framework and also develop a methodology for the reverse-engineering of placement policies. We provide a corresponding open-source implementation, called CacheHound, and benchmark it on several x86- and ARM-based systems. Finally, we employ the gained knowledge to explore use cases in the fields of security and high-performance computing (HPC).}, key = {hilc24}, month = {9}, school = {Ludwig-Maximilians-Universität München}, supervisors = {Karl Fuerlinger and Sergej Breiter}, type = {Masterthesis}, }