HARDWARE SUPPORT FOR ENFORCING INFORMATION FLOW CONTROL ON MANYCORE SYSTEMS
Sarah Bird, David McGrogan


PARALLEL COMPUTING & THE FUTURE
- Parallel designs are emerging
  - Scaling increases transistor counts
  - Cannot extract any more ILP from programs
- Security is important
  - Mobile devices
  - Everything connected to the internet
  - Open source code
  - More personal data on the net

SECURITY
- Current systems have only a couple of rings of protection
- Adding features to an application compromises the entire application
  - Plug-ins in browsers
  - Device drivers in operating systems

PROJECT GOALS
- Provide many levels of protection
- Reduce trusted code
  - More easily verified
- Low overhead in area
  - Can't afford to just tag everything
- Low overhead in performance
  - Clients measure success in performance (security is still hard to quantify)
- Flexible system

RELATED WORK
- Fine-Grained Protection
  - Mondrian Memory Protection (MIT)
  - Legba (New South Wales)
- Information Flow Control
  - HiStar (Stanford)
  - Asbestos (UCLA, MIT, Stanford)
  - Raksha (Stanford)
  - Loki (Stanford)
  - DStar (Stanford)

INFORMATION FLOW CONTROL
- Provide labels on processes, data, devices, etc.
- Restrict the flow of information from more secure labels to less secure labels
- Can be done in hardware, software or both

HISTAR
- Operating system
- Uses Asbestos labels
- Enforces information flow control in software

MONDRIAN MEMORY PROTECTION
- Compressed protection tables in memory
- Protection check in parallel with the standard pipeline
- Protection Lookaside Buffer caches protection results
- Sidecars store protection for addresses

PROJECT GOALS
- Provide many levels of protection
  - HiStar labels
- Reduce trusted code
  - Enforce protection in hardware
- Low overhead in area
  - Compressed protection tables in memory
- Low overhead in performance
  - Cache protection checks
- Flexible system
  - Put policies in software

OUR DESIGN
[Figure: block diagram of the design. Labels: Protection Table, Memory, Network Interface, Cache System, Tags Per Cache Line, Pipeline, Protection Check, Protection Check Cache]

RELABELING
- Two possible solutions
  - Local relabeling
    - Takes advantage of locality
  - Global relabeling
    - Doesn't need to be translated for different CPUs
    - Reduces network traffic
- Final solution: global relabeling with 16-bit tags
  - 16 extra bits for read requests and responses across the network
  - 16 extra bits per cache line in the cache system

PIPELINE
[Figure: pipeline diagram. Labels: Protection Check, Commit, Thread ID, Data Tag, Thread 1 PC, Thread 1 Tag, Thread 2 PC, Thread 2 Tag]

MEMORY PROTECTION TABLE
- Flat table
  - More compressed
  - Insert must slide down everything
  - Completely flexible representation
  - Binary search to look up
- Multilevel table
  - Simple lookup algorithm
  - Less flexible
  - Easy insert
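
The flat-table trade-off above (binary-search lookup, inserts that slide every later entry down) as a C sketch. This is an added example, not code from the presentation: the entry layout (a region runs from its base to the next entry's base), the 64-entry capacity, the 0xFFFF "no tag" value and the sample addresses are all assumptions; only the 16-bit tag width comes from the slides.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_ENTRIES 64       /* assumed capacity for this sketch */
#define TAG_NONE    0xFFFFu  /* assumed value meaning "no region covers addr" */

/* Assumed layout: a region starts at `base` and runs to the next entry's base. */
struct prot_entry { uint64_t base; uint16_t tag; };
struct flat_table { struct prot_entry e[MAX_ENTRIES]; size_t n; };

/* Binary search: index of the first entry whose base is greater than addr. */
static size_t upper_bound(const struct flat_table *t, uint64_t addr) {
    size_t lo = 0, hi = t->n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (t->e[mid].base <= addr) lo = mid + 1; else hi = mid;
    }
    return lo;
}

/* Lookup: 16-bit tag of the region containing addr, in O(log n) probes. */
uint16_t flat_lookup(const struct flat_table *t, uint64_t addr) {
    size_t i = upper_bound(t, addr);
    return i == 0 ? TAG_NONE : t->e[i - 1].tag;
}

/* Insert a region start. Returns how many entries had to slide down
 * (the cost the slide warns about), 0 for an in-place retag, -1 if full. */
long flat_insert(struct flat_table *t, uint64_t base, uint16_t tag) {
    size_t i = upper_bound(t, base);
    if (i > 0 && t->e[i - 1].base == base) { t->e[i - 1].tag = tag; return 0; }
    if (t->n == MAX_ENTRIES) return -1;
    size_t moved = t->n - i;
    memmove(&t->e[i + 1], &t->e[i], moved * sizeof t->e[0]);
    t->e[i].base = base;
    t->e[i].tag = tag;
    t->n++;
    return (long)moved;
}

int main(void) {
    struct flat_table t = { .n = 0 };   /* constructed sample regions */
    flat_insert(&t, 0x0000, 1);
    flat_insert(&t, 0x8000, 3);
    printf("slid %ld entries\n", flat_insert(&t, 0x4000, 2));
    printf("tag at 0x7fff = %u\n", (unsigned)flat_lookup(&t, 0x7fff));
    return 0;
}
```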

METHODOLOGY
- Simulate design using Simics with a simple memory hierarchy
- Insert delays in the memory hierarchy to represent the delays for protection lookup
- Run simple benchmarks to measure the worst-case overhead

OVERHEADS
- 16 bits/read request = 33.3% overhead
- 16 bits/read response = 1.56% overhead
- Memory Protection Table Lookup (3 extra memory accesses)/memory read = 300% overhead
- Protection Cache Miss (1 memory access)
- Protection Check Miss = runs the software handler (2000 cycles)
- Memory Overhead = ~6%

FUTURE/IN PROGRESS WORK
- Compare overheads with the original HiStar system on a single core
- Develop a more realistic model of the protection system in Simics
- Analyze more realistic workloads for category usage

USES OF A TAGGED SYSTEM
- Debugging
  - Detecting wild writes
  - Array bounds overflows
- Profiling
- Security
  - Isolate processes
  - Protect data
  - Restrict the flow of information

CONCLUSIONS
- Security is becoming increasingly important
  - Essential to reduce trusted code and isolate processes from each other
- Parallel is happening
  - Low over usage security systems are necessary
- Information Flow Control is a viable option
  - Hardware support is necessary for performance
  - Complex power may have negative power effects

REFERENCES
- Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. Making information flow explicit in HiStar. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation, Seattle, WA, November 2006.
- Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières. Securing Distributed Systems with Information Flow Control. In Proceedings of the 5th Symposium on Networked Systems Design and Implementation, San Francisco, CA, April 2008.
- Hari Kannan, Nickolai Zeldovich, Michael Dalton, Christos Kozyrakis. Architectural Support for Minimizing Trusted Code.
- Emmett Witchel, Junghwan Rhee, Krste Asanović. Mondrix: Memory Isolation for Linux using Mondriaan Memory Protection. 20th ACM Symposium on Operating Systems Principles (SOSP-20), Brighton, UK, October
- Emmett Witchel, Josh Cates, and Krste Asanović. Mondrian Memory Protection. Tenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), San Jose, CA, October
- Maxwell Krohn, Petros Efstathopoulos, Cliff Frey, Frans Kaashoek, Eddie Kohler, David Mazières, Robert Morris, Michelle Osborne, Steve VanDeBogart and David Ziegler. Make Least Privilege a Right (Not a Privilege). Proceedings of the 10th Workshop on Hot Topics in Operating Systems, Santa Fe, NM, June
- Petros Efstathopoulos, Maxwell Krohn, Steve VanDeBogart, Cliff Frey, David Ziegler, Eddie Kohler, David Mazières, Frans Kaashoek and Robert Morris. Labels and Event Processes in the Asbestos Operating System. Proceedings of the 20th Symposium on Operating Systems Principles, Brighton, United Kingdom, October
- Michael Dalton, Hari Kannan, Christos Kozyrakis. Raksha: A Flexible Information Flow Architecture for Software Security. Proceedings of the 34th Intl. Symposium on Computer Architecture (ISCA), San Diego, CA, June
- Adam Wiggins, Simon Winwood, Harvey Tuch and Gernot Heiser. Legba: Fast Hardware Support for Fine-Grained Protection.