Per-Bank Bandwidth Regulation of Shared Last-Level Cache for Real-Time Systems

Abstract

This paper addresses critical timing predictability issues in multicore real-time systems caused by cache bank contention and malicious bank-aware Denial-of-Service (DoS) attacks in shared Last-Level Caches (LLCs). The authors propose a novel per-bank bandwidth regulation approach that precisely throttles access only to contended banks, preventing unnecessary performance degradation on non-contended resources. Implemented on a RISC-V platform using FireSim, the technique effectively protects real-time tasks and offers up to 3.66x performance improvement for throttled best-effort tasks compared to prior bank-oblivious methods.

Report

Key Highlights

• Problem Addressed: Contention in multi-banked shared Last-Level Caches (LLCs) compromises system timing predictability, enabling cache bank-aware Denial-of-Service (DoS) attacks.
• Key Innovation: Introduction of a per-bank bandwidth regulation approach for shared LLCs to manage access contention locally at the bank level.
• Performance Improvement: The per-bank approach prevents performance bottlenecks on non-contended banks, resulting in up to a 3.66$\times$ throughput improvement for throttled best-effort tasks compared to bank-oblivious throttling schemes.
• Security Guarantee: The regulation effectively protects critical real-time tasks from co-running cache bank-aware DoS attacks, ensuring timing isolation.

Technical Details

• Target Architecture: Multi-banked shared Last-Level Caches (LLCs) commonly found in commercial-off-the-shelf (COTS) multicore processors.
• Regulation Method: Bandwidth throttling is applied selectively to individual cache banks based on localized contention metrics, ensuring isolation without compromising memory-level parallelism (MLP) across uncontended banks.
• Implementation Platform: The approach was implemented and verified on a RISC-V System-on-Chip (SoC) platform.
• Evaluation Environment: Extensive evaluation was conducted using FireSim, a cycle-accurate, FPGA-accelerated simulation framework, utilizing both synthetic and real-world workloads.
• Context: The work was published in the IEEE Real-Time Systems Symposium (RTSS), 2024, confirming its relevance to hard real-time computer science.

Implications

• Enhanced Real-Time Predictability: This technique is vital for establishing reliable worst-case execution time (WCET) bounds, making RISC-V architectures more viable for safety-critical real-time applications (e.g., avionics, automotive systems) where timing guarantees are non-negotiable.
• Microarchitectural Security: It provides a crucial defense mechanism against microarchitectural contention-based side-channel attacks and DoS vulnerabilities that exploit uneven bank access patterns.
• RISC-V Ecosystem Maturity: Demonstrating effective, high-performance hardware solutions for cache isolation using platforms like FireSim strengthens the confidence in RISC-V for complex, high-assurance computing domains, proving that shared resource management can be predictable and efficient.
• Improved Resource Utilization: By moving from bank-oblivious throttling to bank-aware regulation, the system achieves isolation while maximizing throughput for non-critical tasks, leading to better overall system efficiency and utilization of scarce LLC resources.