-
Publication (Announcement) No.: US12229248B1
Publication (Announcement) Date: 2025-02-18
Application No.: US17203600
Application Date: 2021-03-16
Applicant: Amazon Technologies, Inc.
Inventor: Pawel Wieczorkiewicz, Martin Pohlack, Uwe Dannowski, Bjoern Doebel
IPC: G06F21/54, G06F9/455, G06F12/0864, G06F12/0882, G06F21/55, G06F21/56, G06F21/79
Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using memory page remapping. The computer system includes a main memory and a shared cache, the shared cache implementing cache set associativity determined by a portion of memory addresses of the main memory. Multiple physical memory pages are reserved for mapping to a virtual memory page, the physical memory pages differing in the respective portions of their memory addresses determining cache set associativity. Accesses to the virtual memory page result in a mapping of one of the reserved physical memory pages to the virtual memory page, with remapping events causing different ones of the physical memory pages to become mapped. This remapping results in varying cache set associativity of elements stored in the virtual memory page over time.
-
Publication (Announcement) No.: US11755496B1
Publication (Announcement) Date: 2023-09-12
Application No.: US17547888
Application Date: 2021-12-10
Applicant: Amazon Technologies, Inc.
Inventor: Peter Barry, Adi Habusha, Martin Pohlack
IPC: G06F12/1009, G06F12/0882, G06F12/06, G06F12/02
CPC classification number: G06F12/1009, G06F12/0238, G06F12/0646, G06F12/0882, G06F2212/7201
Abstract: A computer system and methods are disclosed for mitigating side-channel attacks using memory aliasing. The computer system includes a memory, a memory controller and a cache. Responsive to determining to share a memory location among processes, the address of the memory may be aliased to another address within the same address space, with the address and aliased address assigned to respective ones of the processes. The memory controller manages the address space according to an aliasing region and a non-aliasing region, with addresses corresponding to the non-aliasing region being passed through to the memory. Addresses corresponding to the aliasing region are translated by the memory controller to match corresponding non-aliased memory addresses allowing aliased and non-aliased addresses to access same memory locations. A cache may cache accesses to memory addresses, including the non-aliased and aliased addresses, with different cache locations selected according to the respective addresses of memory.
-
Publication (Announcement) No.: US11635919B1
Publication (Announcement) Date: 2023-04-25
Application No.: US17491252
Application Date: 2021-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Martin Pohlack, Peter Barry, Filippo Sironi
IPC: G06F3/06, G06F12/1045, G06F12/0882
Abstract: A computing device including executable processes may determine that a future likelihood of access for virtual memory pages of an executable process is below a threshold likelihood of access based on an execution status of the executable process or a tracking of memory accesses to the virtual memory pages of the executable process. Responsive to this determination, memory pages found to store contents matching that of memory pages mapped to other processes may be unmapped from the process and released for reuse by the computing device. The virtual memory pages may then be marked as being shared with the similar memory pages mapped to the other processes. At a later time, the memory pages of the process may be configured to be non-shared, the configuring including either copying respective shared pages to non-shared pages or enabling a processor exception on access to the memory pages.
-
Publication (Announcement) No.: US11972034B1
Publication (Announcement) Date: 2024-04-30
Application No.: US17084336
Application Date: 2020-10-29
Applicant: Amazon Technologies, Inc.
Inventor: Martin Pohlack, Pawel Wieczorkiewicz, Uwe Dannowski
IPC: G06F21/79, G06F12/084, G06F12/0846, G06F12/14, G06F21/54, G06F21/60
CPC classification number: G06F21/79, G06F12/084, G06F12/0848, G06F12/1466, G06F21/54, G06F21/602
Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a host having a main memory and a shared cache. The host executes a virtual machine manager (VMM) that determines respective security keys for a plurality of co-located virtual machines (VMs). A cache controller for the shared cache includes a scrambling function that scrambles addresses of memory accesses performed by threads of the VMs according to the respective security keys. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Security keys may be periodically updated to further reduce predictability of shared cache to memory address mappings.
-
Publication (Announcement) No.: US11620238B1
Publication (Announcement) Date: 2023-04-04
Application No.: US17185752
Application Date: 2021-02-25
Applicant: Amazon Technologies, Inc.
Inventor: Martin Pohlack, Uwe Dannowski, Pawel Wieczorkiewicz
IPC: G06F12/14, G06F12/084, G06F12/1045, G06F12/0891, G06F12/0873
Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a main memory, a shared cache and a cache controller for the shared cache including a scrambling function that scrambles addresses of memory accesses according to the respective scrambling keys selected for a sequence of time periods. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Scrambling keys may be updated to reduce predictability of shared cache to memory address mappings. These updates may occur opportunistically, on demand or on specified schedule. Multiple scrambling keys may be simultaneously active during transitions between active time periods.