Published by Brittney Bennett. Modified over 9 years ago.
1
Parallelizing Security Checks on Commodity Hardware
E.B. Nightingale, D. Peek, P.M. Chen and J. Flinn
U Michigan
2
Overview
- Introduction
- Speculator
- Design
- Parallel lifeguards
- Evaluation
- Conclusion
3
Introduction
- Security checkers (lifeguards) are too slow (~30X with taintcheck)
- Multi core systems are increasingly popular
- Can we exploit idle cores to improve lifeguard performance?
- Speck (Speculative Error ChecKing) parallelizes lifeguards to improve performance
4
Introduction (2)
- Security checks are decoupled from application execution
- Security checks are executed in parallel on separate cores
- Speculator for speculative execution and rollback
5
Speculator
- OS level support for speculative execution and rollback
- Checkpoint process state before system call execution
- Use buffering to hide side effects (e.g. I/O) of speculative execution
- Block the process if side effects cannot be hidden
- Roll back to checkpoint state if necessary
6
Speck Design
- Fork instrumented clones of monitored application to run on other cores
- Security checks run on instrumented clones
- OS logging to handle non-deterministic execution, e.g. signal delivery, system call results
- Speculator for speculative execution and rollback of system calls
7
Design
8
Parallel Lifeguards
- Process Memory Analysis
- System Call Analysis
- Taint Analysis
9
Parallel Process Memory Analysis
- Security violations can be detected in memory
  – Decrypted virus image
  – Leaked data
- Check each store location for pattern
- All checks are independent
- Easy to parallelize
10
Parallel System Call Analysis
- Analyze program behavior using system calls
  – Check system call parameters
  – Check system call history
- Checks are independent
- Easy to parallelize
11
Parallel Taint Analysis
- Detect critical use of malicious input
  – Track propagation of input
- Pin based sequential taintcheck is 18X
- Checking is inherently sequential and hard to parallelize
- Log based approach to parallelize
  – Parallel log generation by instrumented clones (workers)
  – Sequential log processing by master
12
Parallel Taint Analysis Workers
- Generate log segments from replayed execution
- Eliminate redundant log records using mark and sweep algorithm (6X compression ratio)
- Send compressed segments to master for processing
13
Parallel Taint Analysis Master
- Maintains metadata
- Process segments in log order
  – Detects violations
  – Update metadata
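The worker/master split from the two slides above, as an added example that is not taken from the presentation or from Speck's code: workers compress per-epoch log segments concurrently, and a master applies them in log order to its taint metadata. The record format, the constructed three-epoch trace and the backward dead-write pass (a simplified stand-in for the slides' mark and sweep step) are assumptions, and threads stand in for instrumented clones on separate cores.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed trace split into epochs; each record is (op, dst, src).
# "input" taints dst, "const" clears it, "mov" copies taint, "use" is a critical use.
EPOCHS = [
    [("input", "buf", None), ("mov", "r1", "buf"),
     ("const", "r1", None), ("mov", "r2", "buf")],
    [("const", "r3", None), ("mov", "r3", "r2"), ("use", None, "r3")],
    [("const", "r2", None), ("use", None, "r2"), ("use", None, "buf")],
]

def compress(segment):
    """Worker: drop writes that are overwritten before any read in this segment."""
    dead, kept = set(), []          # dead = locations rewritten later, unread so far
    for op, dst, src in reversed(segment):
        if op != "use":
            if dst in dead:
                continue            # redundant record: cannot affect later state
            dead.add(dst)
        if src is not None:
            dead.discard(src)       # a read makes the earlier write to src live
        kept.append((op, dst, src))
    return kept[::-1]

def master(segments):
    """Master: apply segments strictly in log order, updating taint metadata."""
    tainted, violations = set(), []
    for epoch, segment in enumerate(segments):
        for op, dst, src in segment:
            if op == "input" or (op == "mov" and src in tainted):
                tainted.add(dst)
            elif op in ("const", "mov"):
                tainted.discard(dst)
            elif op == "use" and src in tainted:
                violations.append((epoch, src))
    return violations

def run(epochs, workers=4):
    # Threads stand in for Speck's instrumented clones on separate cores.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        segments = list(pool.map(compress, epochs))   # map() preserves epoch order
    return segments, master(segments)

if __name__ == "__main__":
    segments, violations = run(EPOCHS)
    print([len(s) for s in segments], violations)
```

Running the master on the uncompressed epochs gives the same violations, which is the property the compression step has to preserve.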
14
Evaluation
- 8-core (quad dual core) Intel Xeon
  – 2.66 GHz, 4GB RAM, 8MB L2, 1.33 GHz bus
  – Linux 2.6 (64 bit) kernel
- 4-core (2 dual core) Intel Xeon
  – 2.8 GHz, 3GB RAM, 4MB L2, 800 MHz bus
  – Linux 2.4 (32 bit) kernel
15
Benchmarks
- Process memory analysis
  – Frames per second of mplayer playing Harry Potter trailer
- System call analysis
  – Transactions per second (TPS) of Postmark benchmark
- Taint Analysis
  – Frames per second of mplayer playing Harry Potter trailer
16
Process Memory Analysis
17
System Call Analysis
18
Taint Analysis
19
Conclusion
- Speck parallelizes security checks on commodity hardware
- Pin based lifeguards
- OS level support (Speculator) for speculative execution of system call
- Speedups with (4 workers, 8 workers)
  – Process memory analysis (4X, 7.5X)
  – System Call Analysis (3.3X, 2.8X)
  – Taint Analysis (1.6X, 2X)