JavaScript Zero. Real JavaScript and Zero Side-Channel Attacks. Michael Schwarz, Moritz Lipp, Daniel Gruss
Size: px
Start display at page:

Download "JavaScript Zero. Real JavaScript and Zero Side-Channel Attacks. Michael Schwarz, Moritz Lipp, Daniel Gruss"

Transcription

1 JavaScript Zero Real JavaScript and Zero Side-Channel Attacks Michael Schwarz, Moritz Lipp, Daniel Gruss Michael Schwarz, Moritz Lipp, Daniel Gruss

2 Outline Analysis of current microarchitectural and side-channel attacks Identifying building blocks for attacks Countermeasures for preventing attacks Implementation of countermeasures Evaluation of countermeasures 2 Michael Schwarz, Moritz Lipp, Daniel Gruss

3 Landscape of Microarchitectural Attacks Currently 11 microarchitectural and side-channel attacks in JavaScript 3 Michael Schwarz, Moritz Lipp, Daniel Gruss

4 Landscape of Microarchitectural Attacks Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack 3 Michael Schwarz, Moritz Lipp, Daniel Gruss

5 Landscape of Microarchitectural Attacks Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack Results in 5 categories 3 Michael Schwarz, Moritz Lipp, Daniel Gruss

6 Landscape of Microarchitectural Attacks Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack Results in 5 categories Memory addresses Accurate timing Multithreading Shared data Sensor API 3 Michael Schwarz, Moritz Lipp, Daniel Gruss

7 Landscape of Microarchitectural Attacks Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack Results in 5 categories Memory addresses Accurate timing Multithreading Shared data Sensor API Every attack is in at least one category 3 Michael Schwarz, Moritz Lipp, Daniel Gruss

8 Memory Addresses Language does not provide addresses to programmer 4 Michael Schwarz, Moritz Lipp, Daniel Gruss

9 Memory Addresses Language does not provide addresses to programmer Closest to virtual address: array indices 4 Michael Schwarz, Moritz Lipp, Daniel Gruss

10 Memory Addresses Language does not provide addresses to programmer Closest to virtual address: array indices Detect beginning of physical pages through high timing on page faults 4 Michael Schwarz, Moritz Lipp, Daniel Gruss

11 Accurate Timing Nearly all attacks require accurate timing 5 Michael Schwarz, Moritz Lipp, Daniel Gruss

12 Accurate Timing Nearly all attacks require accurate timing No absolute timestamps required, only time differences 5 Michael Schwarz, Moritz Lipp, Daniel Gruss

13 Accurate Timing Nearly all attacks require accurate timing No absolute timestamps required, only time differences Required accuracy varies between milliseconds and nanoseconds 5 Michael Schwarz, Moritz Lipp, Daniel Gruss

14 Multithreading JavaScript introduced multi threading with web workers 6 Michael Schwarz, Moritz Lipp, Daniel Gruss

15 Multithreading JavaScript introduced multi threading with web workers Real concurrency in applications 6 Michael Schwarz, Moritz Lipp, Daniel Gruss

16 Multithreading JavaScript introduced multi threading with web workers Real concurrency in applications Enables new side-channel attacks 6 Michael Schwarz, Moritz Lipp, Daniel Gruss

17 Shared Data Usually no shared data between threads due to synchronization issues 7 Michael Schwarz, Moritz Lipp, Daniel Gruss

18 Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer 7 Michael Schwarz, Moritz Lipp, Daniel Gruss

19 Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer Only useful in combination with web workers 7 Michael Schwarz, Moritz Lipp, Daniel Gruss

20 Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer Only useful in combination with web workers Not enabled by default 7 Michael Schwarz, Moritz Lipp, Daniel Gruss

21 Sensor API Some side-channel attacks only require access to sensors 8 Michael Schwarz, Moritz Lipp, Daniel Gruss

22 Sensor API Some side-channel attacks only require access to sensors Some sensors can be used without user consent, e.g., ambient light 8 Michael Schwarz, Moritz Lipp, Daniel Gruss

23 Sensor API Some side-channel attacks only require access to sensors Some sensors can be used without user consent, e.g., ambient light Every sensor is exploitable 8 Michael Schwarz, Moritz Lipp, Daniel Gruss

24 Defenses

25 Countermeasures Countermeasures have to address all categories 9 Michael Schwarz, Moritz Lipp, Daniel Gruss

26 Countermeasures Countermeasures have to address all categories Should not be visible to the programmer 9 Michael Schwarz, Moritz Lipp, Daniel Gruss

27 Countermeasures Countermeasures have to address all categories Should not be visible to the programmer Implementation is on the microarchitectural level of JavaScript 9 Michael Schwarz, Moritz Lipp, Daniel Gruss

28 Countermeasures Countermeasures have to address all categories Should not be visible to the programmer Implementation is on the microarchitectural level of JavaScript If no category is usable for attacks anymore, future attacks are hard 9 Michael Schwarz, Moritz Lipp, Daniel Gruss

29 Memory Addresses Ensure arrays are memory backed and not linear 10 Michael Schwarz, Moritz Lipp, Daniel Gruss

30 Memory Addresses Ensure arrays are memory backed and not linear Additionally, add random dummy accesses 10 Michael Schwarz, Moritz Lipp, Daniel Gruss

31 Memory Addresses Ensure arrays are memory backed and not linear Additionally, add random dummy accesses Prevents many microarchitectural attacks 10 Michael Schwarz, Moritz Lipp, Daniel Gruss

32 Memory Addresses Ensure arrays are memory backed and not linear Additionally, add random dummy accesses Prevents many microarchitectural attacks Side effect: make exploits harder where addresses are required 10 Michael Schwarz, Moritz Lipp, Daniel Gruss

33 Accurate Timing Reducing the resolution of performance.now() is a first step 11 Michael Schwarz, Moritz Lipp, Daniel Gruss

34 Accurate Timing Reducing the resolution of performance.now() is a first step Only rounding the timestamps is not sufficient 11 Michael Schwarz, Moritz Lipp, Daniel Gruss

35 Accurate Timing Reducing the resolution of performance.now() is a first step Only rounding the timestamps is not sufficient Fuzzy time (Vattikonda et al.) adds random jitter 11 Michael Schwarz, Moritz Lipp, Daniel Gruss

36 Accurate Timing Reducing the resolution of performance.now() is a first step Only rounding the timestamps is not sufficient Fuzzy time (Vattikonda et al.) adds random jitter Timestamps are still monotonic, but clock edges are randomized 11 Michael Schwarz, Moritz Lipp, Daniel Gruss

37 Multithreading Only real solution is to prevent multithreading 12 Michael Schwarz, Moritz Lipp, Daniel Gruss

38 Multithreading Only real solution is to prevent multithreading Some attacks can be prevented by adding random delays to postmessage 12 Michael Schwarz, Moritz Lipp, Daniel Gruss

39 Multithreading Only real solution is to prevent multithreading Some attacks can be prevented by adding random delays to postmessage Prevents certain timing primitives and attacks on the event-queue latency 12 Michael Schwarz, Moritz Lipp, Daniel Gruss

40 Shared Data Best countermeasures: do not allow shared data 13 Michael Schwarz, Moritz Lipp, Daniel Gruss

41 Shared Data Best countermeasures: do not allow shared data Many attacks exploit fast concurrent access to SharedArrayBuffer 13 Michael Schwarz, Moritz Lipp, Daniel Gruss

42 Shared Data Best countermeasures: do not allow shared data Many attacks exploit fast concurrent access to SharedArrayBuffer Alternative: delay access to buffer 13 Michael Schwarz, Moritz Lipp, Daniel Gruss

43 Shared Data Best countermeasures: do not allow shared data Many attacks exploit fast concurrent access to SharedArrayBuffer Alternative: delay access to buffer Degrades resolution of timing primitive to microseconds 13 Michael Schwarz, Moritz Lipp, Daniel Gruss

44 Sensor API Reduce resolution and update frequency of sensors 14 Michael Schwarz, Moritz Lipp, Daniel Gruss

45 Sensor API Reduce resolution and update frequency of sensors Sensor APIs should always ask user for permission 14 Michael Schwarz, Moritz Lipp, Daniel Gruss

46 Sensor API Reduce resolution and update frequency of sensors Sensor APIs should always ask user for permission Every sensor is usable for attacks, even ambient light sensor 14 Michael Schwarz, Moritz Lipp, Daniel Gruss

47 Sensor API Reduce resolution and update frequency of sensors Sensor APIs should always ask user for permission Every sensor is usable for attacks, even ambient light sensor To not break existing applications, sensors return constant value 14 Michael Schwarz, Moritz Lipp, Daniel Gruss

48 Implementation

49 Designing the Countermeasure Best solution is to implement defenses in the browser core 15 Michael Schwarz, Moritz Lipp, Daniel Gruss

50 Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work 15 Michael Schwarz, Moritz Lipp, Daniel Gruss

51 Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers 15 Michael Schwarz, Moritz Lipp, Daniel Gruss

52 Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers Parsing JavaScript is hard 15 Michael Schwarz, Moritz Lipp, Daniel Gruss

53 Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers Parsing JavaScript is hard Implementation in JavaScript Virtual machine layering 15 Michael Schwarz, Moritz Lipp, Daniel Gruss

54 Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers Parsing JavaScript is hard Implementation in JavaScript Virtual machine layering Proof-of-concept is implemented as browser extension 15 Michael Schwarz, Moritz Lipp, Daniel Gruss

55 Virtual Machine Layering Functions and properties are replaced by wrappers Page Context Script Extension Context Return Call Wrapper Call Filtered value Default value Allowed? Yes Original Function No 16 Michael Schwarz, Moritz Lipp, Daniel Gruss

56 Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; 17 Michael Schwarz, Moritz Lipp, Daniel Gruss

57 Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; // call the new function (via function name) a l e r t ( window. performance. now ( ) ) ; // == alert(0) 17 Michael Schwarz, Moritz Lipp, Daniel Gruss

58 Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; // call the new function (via function name) a l e r t ( window. performance. now ( ) ) ; // == alert(0) // call the original function (only via reference) a l e r t ( o r i g i n a l r e f e r e n c e. c a l l ( window. performance ) ) ; 17 Michael Schwarz, Moritz Lipp, Daniel Gruss

59 Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; // call the new function (via function name) a l e r t ( window. performance. now ( ) ) ; // == alert(0) // call the original function (only via reference) a l e r t ( o r i g i n a l r e f e r e n c e. c a l l ( window. performance ) ) ; Properties can be replaced by accessor properties 17 Michael Schwarz, Moritz Lipp, Daniel Gruss

60 Virtual Machine Layering for Objects Objects are proxied new Object Methods Script Proxy(Object) Filter Methods Object 18 Michael Schwarz, Moritz Lipp, Daniel Gruss

61 Virtual Machine Layering for Objects Objects are proxied new Object Methods Script Proxy(Object) Filter Methods Object All properties and functions are handled by the original object 18 Michael Schwarz, Moritz Lipp, Daniel Gruss

62 Virtual Machine Layering for Objects Objects are proxied new Object Methods Script Proxy(Object) Filter Methods Object All properties and functions are handled by the original object Functions and properties can be overwritten in the proxy object 18 Michael Schwarz, Moritz Lipp, Daniel Gruss

63 Self Protection Attacker tries to circumvent JavaScript Zero 19 Michael Schwarz, Moritz Lipp, Daniel Gruss

64 Self Protection Attacker tries to circumvent JavaScript Zero Self protection is necessary if implemented in JavaScript 19 Michael Schwarz, Moritz Lipp, Daniel Gruss

65 Self Protection Attacker tries to circumvent JavaScript Zero Self protection is necessary if implemented in JavaScript Use closures to hide all references to original functions ( function ( ) { // original is only accessible in this scope var o r i g i n a l = window. performance. now ; window. performance. now =... } ) ( ) ; 19 Michael Schwarz, Moritz Lipp, Daniel Gruss

66 Self Protection Attacker tries to circumvent JavaScript Zero Self protection is necessary if implemented in JavaScript Use closures to hide all references to original functions ( function ( ) { // original is only accessible in this scope var o r i g i n a l = window. performance. now ; window. performance. now =... } ) ( ) ; Prevent objects from being modified: Object.freeze 19 Michael Schwarz, Moritz Lipp, Daniel Gruss

67 Evaluation

68 Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) 20 Michael Schwarz, Moritz Lipp, Daniel Gruss

69 Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) Create huge array 20 Michael Schwarz, Moritz Lipp, Daniel Gruss

70 Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) Create huge array Iterate over array, measure access time 20 Michael Schwarz, Moritz Lipp, Daniel Gruss

71 Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) Create huge array Iterate over array, measure access time Page border raise pagefault, taking significantly longer to access 20 Michael Schwarz, Moritz Lipp, Daniel Gruss

72 Page Border Detection Access time [cycles] Array offset [KB] Michael Schwarz, Moritz Lipp, Daniel Gruss

73 Page Border Detection with Random Access Access time [cycles] ,000 2,000 3,000 4,000 5,000 Array offset [KB] 22 Michael Schwarz, Moritz Lipp, Daniel Gruss

74 Interrupt Detection Multithreading allows to detect interrupts 23 Michael Schwarz, Moritz Lipp, Daniel Gruss

75 Interrupt Detection Multithreading allows to detect interrupts Endless loop which counts number of increments in time window 23 Michael Schwarz, Moritz Lipp, Daniel Gruss

76 Interrupt Detection Multithreading allows to detect interrupts Endless loop which counts number of increments in time window Different number of increments indicate interrupt 23 Michael Schwarz, Moritz Lipp, Daniel Gruss

77 Interrupt Detection Multithreading allows to detect interrupts Endless loop which counts number of increments in time window Different number of increments indicate interrupt Fuzzy time prevents deterministic equally-sized time window 23 Michael Schwarz, Moritz Lipp, Daniel Gruss

78 Interrupt Detection Delta [counter] 1,850 1,800 1,750 tap tap tap tap 1, Runtime [s] 24 Michael Schwarz, Moritz Lipp, Daniel Gruss

79 Interrupt Detection with Fuzzy Time Delta [counter] tap tap tap tap Runtime [s] 25 Michael Schwarz, Moritz Lipp, Daniel Gruss

80 Event Queue Spying Messages between web workers are handled in the event queue 26 Michael Schwarz, Moritz Lipp, Daniel Gruss

81 Event Queue Spying Messages between web workers are handled in the event queue User activity is also handled in the event queue 26 Michael Schwarz, Moritz Lipp, Daniel Gruss

82 Event Queue Spying Messages between web workers are handled in the event queue User activity is also handled in the event queue Posting many messages allows to measure latency 26 Michael Schwarz, Moritz Lipp, Daniel Gruss

83 Event Queue Spying Messages between web workers are handled in the event queue User activity is also handled in the event queue Posting many messages allows to measure latency Latency indicates user input 26 Michael Schwarz, Moritz Lipp, Daniel Gruss

84 Event Queue Spying Delta [ms] ,560 2,570 2,580 2,590 2,600 2,610 2,620 2,630 2,640 Runtime [ms] 27 Michael Schwarz, Moritz Lipp, Daniel Gruss

85 Event Queue Spying with Message Delay Delta [ms] ,860 2,870 2,880 2,890 2,900 2,910 2,920 2,930 2,940 Runtime [ms] 28 Michael Schwarz, Moritz Lipp, Daniel Gruss

86 SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution 29 Michael Schwarz, Moritz Lipp, Daniel Gruss

87 SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution One web worker continuously increments variable in the shared array 29 Michael Schwarz, Moritz Lipp, Daniel Gruss

88 SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution One web worker continuously increments variable in the shared array Other worker uses this as a timestamp 29 Michael Schwarz, Moritz Lipp, Daniel Gruss

89 SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution One web worker continuously increments variable in the shared array Other worker uses this as a timestamp Adding random delay to access degrades resolution 29 Michael Schwarz, Moritz Lipp, Daniel Gruss

90 SharedArrayBuffer 30 Michael Schwarz, Moritz Lipp, Daniel Gruss

91 SharedArrayBuffer with Random Delay 31 Michael Schwarz, Moritz Lipp, Daniel Gruss

92 Defense Prevents Rowham- Page Dedu- DRAM Covert Anti- Cache Keystroke Browser mer.js plication Channel ASLR Eviction Timing Buffer ASLR Array preloading Non-deterministic array Array index randomization Low-resolution timestamp Fuzzy time * * * * WebWorker polyfill Message delay Slow SharedArrayBuffer No SharedArrayBuffer * * * * Summary Symbols indicate whether a policy fully prevents an attack, ( ), partly prevents and attack by making it more difficult ( ), or does not prevent an attack ( ). A star (*) indicates that all policies marked with a star must be combined to prevent an attack. 32 Michael Schwarz, Moritz Lipp, Daniel Gruss

93 User Experience 33 Michael Schwarz, Moritz Lipp, Daniel Gruss

94 Conclusion Just rounding timers is not sufficient 34 Michael Schwarz, Moritz Lipp, Daniel Gruss

95 Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers 34 Michael Schwarz, Moritz Lipp, Daniel Gruss

96 Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers Microarchitectural attacks in the browser are possible at the moment 34 Michael Schwarz, Moritz Lipp, Daniel Gruss

97 Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers Microarchitectural attacks in the browser are possible at the moment Efficient countermeasures can be implemented in browsers 34 Michael Schwarz, Moritz Lipp, Daniel Gruss

98 Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers Microarchitectural attacks in the browser are possible at the moment Efficient countermeasures can be implemented in browsers More microarchitectural attacks in JavaScript will appear 34 Michael Schwarz, Moritz Lipp, Daniel Gruss

99

Similar documents

Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript

Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript Michael Schwarz, Clémentine Maurice, Daniel Gruss, Stefan Mangard Graz University of Technology April 2017

More information

From bottom to top: Exploiting hardware side channels in web browsers

From bottom to top: Exploiting hardware side channels in web browsers From bottom to top: Exploiting hardware side channels in web browsers Clémentine Maurice, Graz University of Technology July 4, 2017 RMLL, Saint-Étienne, France Rennes Graz Clémentine Maurice PhD since

More information

Practical Keystroke Timing Attacks in Sandboxed JavaScript

Practical Keystroke Timing Attacks in Sandboxed JavaScript Practical Keystroke Timing Attacks in Sandboxed JavaScript M. Lipp, D. Gruss, M. Schwarz, D. Bidner, C. Maurice, S. Mangard Sep 11, 2017 ESORICS 17 Graz University of Technology Motivation Keystroke timing

More information

ARMageddon: Cache Attacks on Mobile Devices

ARMageddon: Cache Attacks on Mobile Devices ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard Graz University of Technology 1 TLDR powerful cache attacks (like Flush+Reload)

More information

Trusted Browsers for Uncertain Times

Trusted Browsers for Uncertain Times Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building a browser that can provably mitigate timing attacks Trusted Browsers for Uncertain Times Time and web browsers

More information

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud

Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, Kay Römer

More information

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1 Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 CPU management Roadmap Process, thread, synchronization, scheduling Memory management Virtual memory Disk

More information

Spectre and Meltdown: Data leaks during speculative execution

Spectre and Meltdown: Data leaks during speculative execution Spectre and Meltdown: Data leaks during speculative execution Speaker: Jann Horn (Google Project Zero) Paul Kocher (independent) Daniel Genkin (University of Pennsylvania and University of Maryland) Yuval

More information

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX

Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX W. Wang, G. Chen, X, Pan, Y. Zhang, XF. Wang, V. Bindschaedler, H. Tang, C. Gunter. September 19, 2017 Motivation Intel

More information

When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins

When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins Michael Schwarz, Moritz Lipp michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at Abstract In our talk, we show that despite all

More information

A Predictable RTOS. Mantis Cheng Department of Computer Science University of Victoria

A Predictable RTOS. Mantis Cheng Department of Computer Science University of Victoria A Predictable RTOS Mantis Cheng Department of Computer Science University of Victoria Outline I. Analysis of Timeliness Requirements II. Analysis of IO Requirements III. Time in Scheduling IV. IO in Scheduling

More information

CSE 127 Computer Security

CSE 127 Computer Security CSE 127 Computer Security Stefan Savage, Spring 2018, Lecture 19 Hardware Security: Meltdown, Spectre, Rowhammer Vulnerabilities and Abstractions Abstraction Reality Vulnerability Review: ISA and µarchitecture

More information

Rowhammer.js: Root privileges for web apps?

Rowhammer.js: Root privileges for web apps? Rowhammer.js: Root privileges for web apps? Daniel Gruss (@lavados) 1, Clémentine Maurice (@BloodyTangerine) 2 1 IAIK, Graz University of Technology / 2 Technicolor and Eurecom 1 Rennes Graz Clémentine

More information

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1 Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 Recap Paged MMU: Two main Issues Translation speed can be slow TLB Table size is big Multi-level page table

More information

LabVIEW programming II

LabVIEW programming II FYS3240 PC-based instrumentation and microcontrollers LabVIEW programming II Spring 2016 Lecture #3 Bekkeng 18.01.2016 Dataflow programming With a dataflow model, nodes on a block diagram are connected

More information

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A statistical

More information

Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript

Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript Rowhammer.js: A Remote Software- Induced Fault Attack in Javascript Daniel Gruss, Clementine Maurice and Stefan Mangard Graz University of Technology, Austria Rowhammer bug (I) Different DRAM cells can

More information

Adaptive algorithm for High-Performance FPGA Cores

Adaptive algorithm for High-Performance FPGA Cores 1 Adaptive algorithm for High-Performance FPGA Cores Shankar Dheeraj Konidena dheeraj@ittc.ku.edu 2 Introduction Issue Background Architecture Implementation Results Conclusion & Future work Questions

More information

Meltdown or "Holy Crap: How did we do this to ourselves" Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory

Meltdown or Holy Crap: How did we do this to ourselves Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory Meltdown or "Holy Crap: How did we do this to ourselves" Abstract Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory locations Breaks all security assumptions given

More information

Who am I? Moritz Lipp PhD Graz University of

Who am I? Moritz Lipp PhD Graz University of Who am I? Moritz Lipp PhD student @ Graz University of Technology @mlqxyz moritz.lipp@iaik.tugraz.at 1 Moritz Lipp, Michael Schwarz, Daniel Gruss Graz University of Technology Who am I? Michael Schwarz

More information

CUDA GPGPU Workshop 2012

CUDA GPGPU Workshop 2012 CUDA GPGPU Workshop 2012 Parallel Programming: C thread, Open MP, and Open MPI Presenter: Nasrin Sultana Wichita State University 07/10/2012 Parallel Programming: Open MP, MPI, Open MPI & CUDA Outline

More information

Reliably Measuring Responsiveness in the Wild

Reliably Measuring Responsiveness in the Wild Reliably Measuring Responsiveness in the Wild Shubhie Panicker Nic Jansma @shubhie @nicj When is load? Old load metrics don t capture user experience. We need to rethink our metrics and focus on what

More information

Lecture 25: Board Notes: Threads and GPUs

Lecture 25: Board Notes: Threads and GPUs Lecture 25: Board Notes: Threads and GPUs Announcements: - Reminder: HW 7 due today - Reminder: Submit project idea via (plain text) email by 11/24 Recap: - Slide 4: Lecture 23: Introduction to Parallel

More information

Chapter 8: Virtual Memory. Operating System Concepts

Chapter 8: Virtual Memory. Operating System Concepts Chapter 8: Virtual Memory Silberschatz, Galvin and Gagne 2009 Chapter 8: Virtual Memory Background Demand Paging Copy-on-Write Page Replacement Allocation of Frames Thrashing Memory-Mapped Files Allocating

More information

Micro-architectural Attacks. Chester Rebeiro IIT Madras

Micro-architectural Attacks. Chester Rebeiro IIT Madras Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript and HTML5 (due to restricted

More information

Virtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1

Virtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1 Virtual Memory Patterson & Hennessey Chapter 5 ELEC 5200/6200 1 Virtual Memory Use main memory as a cache for secondary (disk) storage Managed jointly by CPU hardware and the operating system (OS) Programs

More information

Malware Guard Extension: Using SGX to Conceal Cache Attacks

Malware Guard Extension: Using SGX to Conceal Cache Attacks Malware Guard Extension: Using SGX to Conceal Cache Attacks Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria Abstract. In modern

More information

c. What are the machine cycle times (in nanoseconds) of the non-pipelined and the pipelined implementations?

c. What are the machine cycle times (in nanoseconds) of the non-pipelined and the pipelined implementations? Brown University School of Engineering ENGN 164 Design of Computing Systems Professor Sherief Reda Homework 07. 140 points. Due Date: Monday May 12th in B&H 349 1. [30 points] Consider the non-pipelined

More information

Chapter 2. Parallel Hardware and Parallel Software. An Introduction to Parallel Programming. The Von Neuman Architecture

Chapter 2. Parallel Hardware and Parallel Software. An Introduction to Parallel Programming. The Von Neuman Architecture An Introduction to Parallel Programming Peter Pacheco Chapter 2 Parallel Hardware and Parallel Software 1 The Von Neuman Architecture Control unit: responsible for deciding which instruction in a program

More information

ENGN 2910A Homework 03 (140 points) Due Date: Oct 3rd 2013

ENGN 2910A Homework 03 (140 points) Due Date: Oct 3rd 2013 ENGN 2910A Homework 03 (140 points) Due Date: Oct 3rd 2013 Professor: Sherief Reda School of Engineering, Brown University 1. [from Debois et al. 30 points] Consider the non-pipelined implementation of

More information

SysSec. Aurélien Francillon

SysSec. Aurélien Francillon SysSec Aurélien Francillon francill@eurecom.fr https://www.krackattacks.com/ https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-ofhigh-security-keys-750k-estonian-ids/

More information

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1 Memory Management Disclaimer: some slides are adopted from book authors slides with permission 1 Demand paging Concepts to Learn 2 Abstraction Virtual Memory (VM) 4GB linear address space for each process

More information

Using Software Transactional Memory In Interrupt-Driven Systems

Using Software Transactional Memory In Interrupt-Driven Systems Using Software Transactional Memory In Interrupt-Driven Systems Department of Mathematics, Statistics, and Computer Science Marquette University Thesis Defense Introduction Thesis Statement Software transactional

More information

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University CS 555: DISTRIBUTED SYSTEMS [THREADS] Shrideep Pallickara Computer Science Colorado State University Frequently asked questions from the previous class survey Shuffle less/shuffle better Which actions?

More information

Interrupts and Time. Real-Time Systems, Lecture 5. Martina Maggio 28 January Lund University, Department of Automatic Control

Interrupts and Time. Real-Time Systems, Lecture 5. Martina Maggio 28 January Lund University, Department of Automatic Control Interrupts and Time Real-Time Systems, Lecture 5 Martina Maggio 28 January 2016 Lund University, Department of Automatic Control Content [Real-Time Control System: Chapter 5] 1. Interrupts 2. Clock Interrupts

More information

Virtual Memory. Reading. Sections 5.4, 5.5, 5.6, 5.8, 5.10 (2) Lecture notes from MKP and S. Yalamanchili

Virtual Memory. Reading. Sections 5.4, 5.5, 5.6, 5.8, 5.10 (2) Lecture notes from MKP and S. Yalamanchili Virtual Memory Lecture notes from MKP and S. Yalamanchili Sections 5.4, 5.5, 5.6, 5.8, 5.10 Reading (2) 1 The Memory Hierarchy ALU registers Cache Memory Memory Memory Managed by the compiler Memory Managed

More information

CS307: Operating Systems

CS307: Operating Systems CS307: Operating Systems Chentao Wu 吴晨涛 Associate Professor Dept. of Computer Science and Engineering Shanghai Jiao Tong University SEIEE Building 3-513 wuct@cs.sjtu.edu.cn Download Lectures ftp://public.sjtu.edu.cn

More information

arxiv: v1 [cs.cr] 3 Jan 2018

arxiv: v1 [cs.cr] 3 Jan 2018 Meltdown arxiv:1801.01207v1 [cs.cr] 3 Jan 2018 Abstract Moritz Lipp 1, Michael Schwarz 1, Daniel Gruss 1, Thomas Prescher 2, Werner Haas 2, Stefan Mangard 1, Paul Kocher 3, Daniel Genkin 4, Yuval Yarom

More information

Interrupts and Time. Interrupts. Content. Real-Time Systems, Lecture 5. External Communication. Interrupts. Interrupts

Interrupts and Time. Interrupts. Content. Real-Time Systems, Lecture 5. External Communication. Interrupts. Interrupts Content Interrupts and Time Real-Time Systems, Lecture 5 [Real-Time Control System: Chapter 5] 1. Interrupts 2. Clock Interrupts Martina Maggio 25 January 2017 Lund University, Department of Automatic

More information

Design Patterns for Real-Time Computer Music Systems

Design Patterns for Real-Time Computer Music Systems Design Patterns for Real-Time Computer Music Systems Roger B. Dannenberg and Ross Bencina 4 September 2005 This document contains a set of design patterns for real time systems, particularly for computer

More information

Advanced Systems Security: Program Diversity

Advanced Systems Security: Program Diversity Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:

More information

Évolution des attaques sur la micro-architecture

Évolution des attaques sur la micro-architecture Évolution des attaques sur la micro-architecture Clémentine Maurice, CNRS, IRISA 23 Janvier 2019 Journée Nouvelles Avancées en Sécurité des Systèmes d Information, INSA de Toulouse/LAAS-CNRS Attacks on

More information

Virtual Memory. Reading: Silberschatz chapter 10 Reading: Stallings. chapter 8 EEL 358

Virtual Memory. Reading: Silberschatz chapter 10 Reading: Stallings. chapter 8 EEL 358 Virtual Memory Reading: Silberschatz chapter 10 Reading: Stallings chapter 8 1 Outline Introduction Advantages Thrashing Principal of Locality VM based on Paging/Segmentation Combined Paging and Segmentation

More information

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic

More information

Micro-Architectural Attacks and Countermeasures

Micro-Architectural Attacks and Countermeasures Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack

More information

IX: A Protected Dataplane Operating System for High Throughput and Low Latency

IX: A Protected Dataplane Operating System for High Throughput and Low Latency IX: A Protected Dataplane Operating System for High Throughput and Low Latency Adam Belay et al. Proc. of the 11th USENIX Symp. on OSDI, pp. 49-65, 2014. Presented by Han Zhang & Zaina Hamid Challenges

More information

CPU Scheduling. Daniel Mosse. (Most slides are from Sherif Khattab and Silberschatz, Galvin and Gagne 2013)

CPU Scheduling. Daniel Mosse. (Most slides are from Sherif Khattab and Silberschatz, Galvin and Gagne 2013) CPU Scheduling Daniel Mosse (Most slides are from Sherif Khattab and Silberschatz, Galvin and Gagne 2013) Basic Concepts Maximum CPU utilization obtained with multiprogramming CPU I/O Burst Cycle Process

More information

Virtual Memory III. Jo, Heeseung

Virtual Memory III. Jo, Heeseung Virtual Memory III Jo, Heeseung Today's Topics What if the physical memory becomes full? Page replacement algorithms How to manage memory among competing processes? Advanced virtual memory techniques Shared

More information

ronny@mit.edu www.cag.lcs.mit.edu/scale Introduction Architectures are all about exploiting the parallelism inherent to applications Performance Energy The Vector-Thread Architecture is a new approach

More information

Multimedia Systems 2011/2012

Multimedia Systems 2011/2012 Multimedia Systems 2011/2012 System Architecture Prof. Dr. Paul Müller University of Kaiserslautern Department of Computer Science Integrated Communication Systems ICSY http://www.icsy.de Sitemap 2 Hardware

More information

arxiv: v2 [cs.cr] 19 Jun 2016

arxiv: v2 [cs.cr] 19 Jun 2016 ARMageddon: Cache Attacks on Mobile Devices Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard Graz University of Technology, Austria arxiv:1511.04897v2 [cs.cr] 19 Jun

More information

White Paper. How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet. Contents

White Paper. How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet. Contents White Paper How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet Programs that do a lot of I/O are likely to be the worst hit by the patches designed to fix the Meltdown

More information

Real-Time Performance of Linux. OS Latency

Real-Time Performance of Linux. OS Latency Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real- Time Performance of Linux (L. Abeni, A. Goel, C. Krasic, J. Snow, J. Walpole) [RTAS 2002] OS Latency Definition [OS

More information

(b) External fragmentation can happen in a virtual memory paging system.

(b) External fragmentation can happen in a virtual memory paging system. Alexandria University Faculty of Engineering Electrical Engineering - Communications Spring 2015 Final Exam CS333: Operating Systems Wednesday, June 17, 2015 Allowed Time: 3 Hours Maximum: 75 points Note:

More information

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing

More information

Remaining Contemplation Questions

Remaining Contemplation Questions Process Synchronisation Remaining Contemplation Questions 1. The first known correct software solution to the critical-section problem for two processes was developed by Dekker. The two processes, P0 and

More information

GLOSSARY. VisualDSP++ Kernel (VDK) User s Guide B-1

GLOSSARY. VisualDSP++ Kernel (VDK) User s Guide B-1 B GLOSSARY Application Programming Interface (API) A library of C/C++ functions and assembly macros that define VDK services. These services are essential for kernel-based application programs. The services

More information

Malware Guard Extension: Using SGX to Conceal Cache Attacks (Extended Version)

Malware Guard Extension: Using SGX to Conceal Cache Attacks (Extended Version) Malware Guard Extension: Using SGX to Conceal Cache Attacks (Exted Version) Michael Schwarz Graz University of Technology Email: michael.schwarz@iaik.tugraz.at Samuel Weiser Graz University of Technology

More information

(Refer Slide Time: 1:26)

(Refer Slide Time: 1:26) Information Security-3 Prof. V Kamakoti Department of Computer science and Engineering Indian Institute of Technology Madras Basics of Unix and Network Administration Operating Systems Introduction Mod01,

More information

PAGE REPLACEMENT. Operating Systems 2015 Spring by Euiseong Seo

PAGE REPLACEMENT. Operating Systems 2015 Spring by Euiseong Seo PAGE REPLACEMENT Operating Systems 2015 Spring by Euiseong Seo Today s Topics What if the physical memory becomes full? Page replacement algorithms How to manage memory among competing processes? Advanced

More information

Java 8 Programming for OO Experienced Developers

Java 8 Programming for OO Experienced Developers www.peaklearningllc.com Java 8 Programming for OO Experienced Developers (5 Days) This course is geared for developers who have prior working knowledge of object-oriented programming languages such as

More information

CPU Scheduling. Operating Systems (Fall/Winter 2018) Yajin Zhou ( Zhejiang University

CPU Scheduling. Operating Systems (Fall/Winter 2018) Yajin Zhou ( Zhejiang University Operating Systems (Fall/Winter 2018) CPU Scheduling Yajin Zhou (http://yajin.org) Zhejiang University Acknowledgement: some pages are based on the slides from Zhi Wang(fsu). Review Motivation to use threads

More information

Lecture 15 Designing Trusted Operating Systems

Lecture 15 Designing Trusted Operating Systems Lecture 15 Designing Trusted Operating Systems Thierry Sans 15-349: Introduction to Computer and Network Security Anatomy of an operating system Concept of Kernel Definition Component that provides an

More information

CS 5523 Operating Systems: Memory Management (SGG-8)

CS 5523 Operating Systems: Memory Management (SGG-8) CS 5523 Operating Systems: Memory Management (SGG-8) Instructor: Dr Tongping Liu Thank Dr Dakai Zhu, Dr Palden Lama, and Dr Tim Richards (UMASS) for providing their slides Outline Simple memory management:

More information

LabVIEW programming II

LabVIEW programming II FYS3240-4240 Data acquisition & control LabVIEW programming II Spring 2018 Lecture #3 Bekkeng 14.01.2018 Dataflow programming With a dataflow model, nodes on a block diagram are connected to one another

More information

CSE 410: Systems Programming

CSE 410: Systems Programming CSE 410: Systems Programming Concurrency Ethan Blanton Department of Computer Science and Engineering University at Buffalo Logical Control Flows The text defines a logical control flow as: [A] series

More information

CSE398: Network Systems Design

CSE398: Network Systems Design CSE398: Network Systems Design Instructor: Dr. Liang Cheng Department of Computer Science and Engineering P.C. Rossin College of Engineering & Applied Science Lehigh University February 23, 2005 Outline

More information

!! How is a thread different from a process? !! Why are threads useful? !! How can POSIX threads be useful?

!! How is a thread different from a process? !! Why are threads useful? !! How can POSIX threads be useful? Chapter 2: Threads: Questions CSCI [4 6]730 Operating Systems Threads!! How is a thread different from a process?!! Why are threads useful?!! How can OSIX threads be useful?!! What are user-level and kernel-level

More information

OPERATING SYSTEM. Chapter 9: Virtual Memory

OPERATING SYSTEM. Chapter 9: Virtual Memory OPERATING SYSTEM Chapter 9: Virtual Memory Chapter 9: Virtual Memory Background Demand Paging Copy-on-Write Page Replacement Allocation of Frames Thrashing Memory-Mapped Files Allocating Kernel Memory

More information

Course Details. Operating Systems with C/C++ Course Details. What is an Operating System?

Course Details. Operating Systems with C/C++ Course Details. What is an Operating System? Lecture Course in Autumn Term 2013 University of Birmingham Lecture notes and resources: http://www.cs.bham.ac.uk/ exr/teaching/lectures/opsys/13_14 closed facebook group: UoBOperatingSystems anyone registered

More information

Evaluating BFT Protocols for Spire

Evaluating BFT Protocols for Spire Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed Systems & Networks SCADA & Spire Overview High-Performance, Scalable Spire Trusted Platform Module Known Network

More information

CMU /618 Practice Exercise 1

CMU /618 Practice Exercise 1 CMU 15-418/618 Practice Exercise 1 A Task Queue on a Multi-Core, Multi-Threaded CPU The figure below shows a simple single-core CPU with an and execution contexts for up to two threads of control. Core

More information

Introduction to Multicore Programming

Introduction to Multicore Programming Introduction to Multicore Programming Minsoo Ryu Department of Computer Science and Engineering 2 1 Multithreaded Programming 2 Synchronization 3 Automatic Parallelization and OpenMP 4 GPGPU 5 Q& A 2 Multithreaded

More information

Flush+Flush: A Stealthier Last-Level Cache Attack

Flush+Flush: A Stealthier Last-Level Cache Attack Flush+Flush: A Stealthier Last-Level Cache Attack Daniel Gruss Graz University of Technology, Austria daniel.gruss@iaik.tugraz.at Clémentine Maurice Technicolor, Rennes, France Eurecom, Sophia-Antipolis,

More information

Meltdown and Spectre - understanding and mitigating the threats (Part Deux)

Meltdown and Spectre - understanding and mitigating the threats (Part Deux) Meltdown and Spectre - understanding and mitigating the threats (Part Deux) Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @SANSInstitute / @RenditionSec

More information

L0 L1 L2 L3 T0 T1 T2 T3. Eth1-4. Eth1-4. Eth1-2 Eth1-2 Eth1-2 Eth Eth3-4 Eth3-4 Eth3-4 Eth3-4.

L0 L1 L2 L3 T0 T1 T2 T3. Eth1-4. Eth1-4. Eth1-2 Eth1-2 Eth1-2 Eth Eth3-4 Eth3-4 Eth3-4 Eth3-4. Click! N P 10.3.0.1 10.3.1.1 Eth33 Eth1-4 Eth1-4 C0 C1 Eth1-2 Eth1-2 Eth1-2 Eth1-2 10.2.0.1 10.2.1.1 10.2.2.1 10.2.3.1 Eth3-4 Eth3-4 Eth3-4 Eth3-4 L0 L1 L2 L3 Eth24-25 Eth1-24 Eth24-25 Eth24-25 Eth24-25

More information

Chapter 8: Virtual Memory. Operating System Concepts Essentials 2 nd Edition

Chapter 8: Virtual Memory. Operating System Concepts Essentials 2 nd Edition Chapter 8: Virtual Memory Silberschatz, Galvin and Gagne 2013 Chapter 8: Virtual Memory Background Demand Paging Copy-on-Write Page Replacement Allocation of Frames Thrashing Memory-Mapped Files Allocating

More information

EECE.4810/EECE.5730: Operating Systems Spring Midterm Exam March 8, Name: Section: EECE.4810 (undergraduate) EECE.

EECE.4810/EECE.5730: Operating Systems Spring Midterm Exam March 8, Name: Section: EECE.4810 (undergraduate) EECE. EECE.4810/EECE.5730: Operating Systems Spring 2017 Midterm Exam March 8, 2017 Name: Section: EECE.4810 (undergraduate) EECE.5730 (graduate) For this exam, you may use two 8.5 x 11 double-sided page of

More information

CS 426 Parallel Computing. Parallel Computing Platforms

CS 426 Parallel Computing. Parallel Computing Platforms CS 426 Parallel Computing Parallel Computing Platforms Ozcan Ozturk http://www.cs.bilkent.edu.tr/~ozturk/cs426/ Slides are adapted from ``Introduction to Parallel Computing'' Topic Overview Implicit Parallelism:

More information

Virtual Memory Outline

Virtual Memory Outline Virtual Memory Outline Background Demand Paging Copy-on-Write Page Replacement Allocation of Frames Thrashing Memory-Mapped Files Allocating Kernel Memory Other Considerations Operating-System Examples

More information

Commercial Real-time Operating Systems An Introduction. Swaminathan Sivasubramanian Dependable Computing & Networking Laboratory

Commercial Real-time Operating Systems An Introduction. Swaminathan Sivasubramanian Dependable Computing & Networking Laboratory Commercial Real-time Operating Systems An Introduction Swaminathan Sivasubramanian Dependable Computing & Networking Laboratory swamis@iastate.edu Outline Introduction RTOS Issues and functionalities LynxOS

More information

LK-Tris: A embedded game on a phone. from Michael Zimmermann

LK-Tris: A embedded game on a phone. from Michael Zimmermann LK-Tris: A embedded game on a phone from Michael Zimmermann Index 1) Project Goals 1.1) Must Haves 1.2) Nice to Haves 1.3) What I realized 2) What is embedded Software? 2.1) Little Kernel (LK) 3) Hardware

More information

Internet Programming Week 10. Instructor: Paulo Fernandes Applied Computer Science University of Winnipeg

Internet Programming Week 10. Instructor: Paulo Fernandes Applied Computer Science University of Winnipeg Internet Programming Week 10 Instructor: Paulo Fernandes Applied Computer Science University of Winnipeg Web Workers Slides only Threading Ever get a slow script message? Q) How could a script be slow

More information

CS 161 Computer Security

CS 161 Computer Security Paxson Spring 2017 CS 161 Computer Security Discussion 2 Question 1 Software Vulnerabilities (15 min) For the following code, assume an attacker can control the value of basket passed into eval basket.

More information

Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency

Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency Jialin Li, Naveen Kr. Sharma, Dan R. K. Ports and Steven D. Gribble February 2, 2015 1 Introduction What is Tail Latency? What

More information

Introduction to Concurrency (Processes, Threads, Interrupts, etc.)

Introduction to Concurrency (Processes, Threads, Interrupts, etc.) Introduction to Concurrency (Processes, Threads, Interrupts, etc.) CS-3013 Operating Systems Hugh C. Lauer (Slides include materials from Slides include materials from Modern Operating Systems, 3 rd ed.,

More information

Chapter 10: Virtual Memory. Lesson 05: Translation Lookaside Buffers

Chapter 10: Virtual Memory. Lesson 05: Translation Lookaside Buffers Chapter 10: Virtual Memory Lesson 05: Translation Lookaside Buffers Objective Learn that a page table entry access increases the latency for a memory reference Understand that how use of translationlookaside-buffers

More information

HY225 Lecture 12: DRAM and Virtual Memory

HY225 Lecture 12: DRAM and Virtual Memory HY225 Lecture 12: DRAM and irtual Memory Dimitrios S. Nikolopoulos University of Crete and FORTH-ICS May 16, 2011 Dimitrios S. Nikolopoulos Lecture 12: DRAM and irtual Memory 1 / 36 DRAM Fundamentals Random-access

More information

OS: An Overview. ICS332 Operating Systems

OS: An Overview. ICS332 Operating Systems OS: An Overview ICS332 Operating Systems Why are we studying this? After all, you probably will not develop an OS Important to understand what you use: Develop better (apps); What can and cannot be done;

More information

Grand Central Dispatch

Grand Central Dispatch A better way to do multicore. (GCD) is a revolutionary approach to multicore computing. Woven throughout the fabric of Mac OS X version 10.6 Snow Leopard, GCD combines an easy-to-use programming model

More information

Dan Noé University of New Hampshire / VeloBit

Dan Noé University of New Hampshire / VeloBit Dan Noé University of New Hampshire / VeloBit A review of how the CPU works The operating system kernel and when it runs User and kernel mode Device drivers Virtualization of memory Virtual memory Paging

More information

Instruction-Level Parallelism and Its Exploitation (Part III) ECE 154B Dmitri Strukov

Instruction-Level Parallelism and Its Exploitation (Part III) ECE 154B Dmitri Strukov Instruction-Level Parallelism and Its Exploitation (Part III) ECE 154B Dmitri Strukov Dealing With Control Hazards Simplest solution to stall pipeline until branch is resolved and target address is calculated

More information

Exam TI2720-C/TI2725-C Embedded Software

Exam TI2720-C/TI2725-C Embedded Software Exam TI2720-C/TI2725-C Embedded Software Wednesday April 16 2014 (18.30-21.30) Koen Langendoen In order to avoid misunderstanding on the syntactical correctness of code fragments in this examination, we

More information

Operating Systems. Lecture Course in Autumn Term 2015 University of Birmingham. Eike Ritter. September 22, 2015

Operating Systems. Lecture Course in Autumn Term 2015 University of Birmingham. Eike Ritter. September 22, 2015 Lecture Course in Autumn Term 2015 University of Birmingham September 22, 2015 Course Details Overview Course Details What is an Operating System? OS Definition and Structure Lecture notes and resources:

More information

OUT-OF-ORDER COMMİT PROCESSORS. Paper by; Adrian Cristal, Daniel Ortega, Josep Llosa and Mateo Valero

OUT-OF-ORDER COMMİT PROCESSORS. Paper by; Adrian Cristal, Daniel Ortega, Josep Llosa and Mateo Valero OUT-OF-ORDER COMMİT PROCESSORS Paper by; Adrian Cristal, Daniel Ortega, Josep Llosa and Mateo Valero INTRODUCTİON Increasing gap between processor speed and memory speed is steadily increasing memory latencies

More information

DT0063 Design tip. Bluetooth Low Energy network: time-stamping and sample-rate-conversion. Purpose and benefits. BLE wireless link overview

DT0063 Design tip. Bluetooth Low Energy network: time-stamping and sample-rate-conversion. Purpose and benefits. BLE wireless link overview DT0063 Design tip Bluetooth Low Energy network: time-stamping and sample-rate-conversion By Andrea Vitali Main components BLUENRG-MS BLUENRG-1 STEVAL- STLKT01V1 Bluetooth Low Energy Network Processor supporting

More information

Department of Computer Science, Institute for System Architecture, Operating Systems Group. Real-Time Systems '08 / '09. Hardware.

Department of Computer Science, Institute for System Architecture, Operating Systems Group. Real-Time Systems '08 / '09. Hardware. Department of Computer Science, Institute for System Architecture, Operating Systems Group Real-Time Systems '08 / '09 Hardware Marcus Völp Outlook Hardware is Source of Unpredictability Caches Pipeline

More information

The Lesson Plan of OS. The syllabus of OS. Access the lesson plan and syllabus at

The Lesson Plan of OS. The syllabus of OS. Access the lesson plan and syllabus at The Lesson Plan of OS The syllabus of OS Access the lesson plan and syllabus at http://mycse/cse The Slide does not contain all the information and cannot be treated as a study material for Operating System.

More information

CS370 Operating Systems

CS370 Operating Systems CS370 Operating Systems Colorado State University Yashwant K Malaiya Spring 2018 L20 Virtual Memory Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 Questions from last time Page

More information

By Arjan Van De Ven, Senior Staff Software Engineer at Intel.

By Arjan Van De Ven, Senior Staff Software Engineer at Intel. Absolute Power By Arjan Van De Ven, Senior Staff Software Engineer at Intel. Abstract: Power consumption is a hot topic from laptop, to datacenter. Recently, the Linux kernel has made huge steps forward

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback