公开(公告)号：US11755496B1

公开(公告)日：2023-09-12

申请号：US17547888

申请日：2021-12-10

申请人： Amazon Technologies, Inc.

发明人： Peter Barry ,  Adi Habusha ,  Martin Pohlack

IPC分类号： G06F12/1009 ,  G06F12/0882 ,  G06F12/06 ,  G06F12/02

CPC分类号： G06F12/1009 ,  G06F12/0238 ,  G06F12/0646 ,  G06F12/0882 ,  G06F2212/7201

摘要： A computer system and methods are disclosed for mitigating side-channel attacks using memory aliasing. The computer system includes a memory, a memory controller and a cache. Responsive to determining to share a memory location among processes, the address of the memory may be aliased to another address within the same address space, with the address and aliased address assigned to respective ones of the processes. The memory controller manages the address space according to an aliasing region and a non-aliasing region, with addresses corresponding to the non-aliasing region being passed through to the memory. Addresses corresponding to the aliasing region are translated by the memory controller to match corresponding non-aliased memory addresses allowing aliased and non-aliased addresses to access same memory locations. A cache may cache accesses to memory addresses, including the non-aliased and aliased addresses, with different cache locations for selected according to the respective addresses of memory.

公开(公告)号：US11635919B1

公开(公告)日：2023-04-25

申请号：US17491252

申请日：2021-09-30

申请人： Amazon Technologies, Inc.

发明人： Martin Pohlack ,  Peter Barry ,  Filippo Sironi

IPC分类号： G06F3/06 ,  G06F12/1045 ,  G06F12/0882

摘要： A computing device including executable processes may determine that a future likelihood of access for virtual memory pages of an executable process are below a threshold likelihood of access based on an execution status of the executable process or a tracking of memory accesses to the virtual memory pages of the executable process. Responsive to this determination, memory pages found to store contents matching that of memory pages mapped to other processes may be unmapped from the process and released for reuse by the computing device. The virtual memory pages may then be marked as being shared with the similar memory pages mapped to the other processes. At a later time, the memory pages of the process may be configured to be non-shared, the configuring including either copying respective shared pages to non-shared pages or enabling a processor exception on access to the memory pages.

公开(公告)号：US11972034B1

公开(公告)日：2024-04-30

申请号：US17084336

申请日：2020-10-29

申请人： Amazon Technologies, Inc.

发明人： Martin Pohlack ,  Pawel Wieczorkiewicz ,  Uwe Dannowski

IPC分类号： G06F21/79 ,  G06F12/084 ,  G06F12/0846 ,  G06F12/14 ,  G06F21/54 ,  G06F21/60

CPC分类号： G06F21/79 ,  G06F12/084 ,  G06F12/0848 ,  G06F12/1466 ,  G06F21/54 ,  G06F21/602

摘要： A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a host having a main memory and a shared cache. The host executes a virtual machine manager (VMM) that determines respective security keys for a plurality of co-located virtual machines (VMs). A cache controller for the shared cache includes a scrambling function that scrambles addresses of memory accesses performed by threads of the VMs according to the respective security keys. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Security keys may be periodically updated to further reduce predictability of shared cache to memory address mappings.

公开(公告)号：US11620238B1

公开(公告)日：2023-04-04

申请号：US17185752

申请日：2021-02-25

申请人： Amazon Technologies, Inc.

发明人： Martin Pohlack ,  Uwe Dannowski ,  Pawel Wieczorkiewicz

IPC分类号： G06F12/14 ,  G06F12/084 ,  G06F12/1045 ,  G06F12/0891 ,  G06F12/0873

摘要： A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a main memory, a shared cache and a cache controller for the shared cache including a scrambling function that scrambles addresses of memory accesses according to the respective scrambling keys selected for a sequence of time periods. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Scrambling keys may be updated to reduce predictability of shared cache to memory address mappings. These updates may occur opportunistically, on demand or on specified schedule. Multiple scrambling keys may be simultaneously active during transitions between active time periods.